Paul Schmehl wrote:
--On April 6, 2009 11:41:06 PM -0400 DAve <dave.l...@pixelhammer.com>
Olivier Nicole wrote:
Has anyone setup two instances of MySQL on the same server? One
running just a client's DBs? Any advice would be helpful.
That is not answering your question directly, but MySQL works finr
over an SSH tunnel.
You'd have your users connect/authenticate with SSH first to establish
the tunnel, then they'd use the tunnel to forward the NySQl
I doubt the would be an option without a GUI to do everything for the
user. I suggested a VPN which we can setup easily with a Cisco Client.
No answer back from the account manager on that option.
If your client needs a gui to access mysql, why not use phpmyadmin (or a
similar gui-based admin utility) and restrict access to his IP(s)? You
can do this with your firewall rules or by using .htaccess. You can
also force SSL connections, which would protect against MITM attacks on
a cleartext session.
Nope, no web based php admin tools here. Won't touch them. I ahve enough
security items to track every day.
(You can also require SSL and secure auth for the db and restrict access
by IP using the format usern...@fqdn, but you stated that you're not
comfortable depending *only* upon mysql's security capabilities.)
However, I would suggest that you provide, as you suggest, a separate
instance of mysql just for this client as well. If they screw up the
instance they won't affect other customers. To run a separate instance,
I would suggest using different names for the binaries, conf files and
datadir. This can be easily done using symlinks; e.g. mysql and
mysql-special. Then copy the startup script in /usr/local/etc/rc.d/,
rename it to mysql-special and edit it to change all references to the
newly-named instance. Use a my-special.cnf file for the special
instance and reference it in /etc/rc.conf using mysql_args=.
Thanks, looks like it would be doable. I do plan to use a separate
my.cnf, separate logging, and even a seperate mysql DB. I was going to
share the binaries but I may rethink that decision after your suggestion.
Thanks for the response.
"Posterity, you will know how much it cost the present generation to
preserve your freedom. I hope you will make good use of it. If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Quincy Adams
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"