Opened 8 years ago

Last modified 8 years ago

#4323 new Bug/Something is broken

audit mysql users on viewsic

Reported by: Jamie McClelland Owned by: Jamie McClelland
Priority: Medium Component: Tech
Keywords: mysql viewsic permissions Cc:
Sensitive: no


During a past period, viewsic ran a network-accessible MySQL server for multiple hosts, which connected to it view

As a result of that legacy, many mysql users that are on viewsic still access the database view rather than localhost.

At least one user (TDU) does access their database remotely (and needs to), so we are still running MySQL on a publicly accessible interface for them.

However, for all MySQL users on viewsic who are accessing the databsae from viewsic, we should change their MySQL permissions to restrict their access to localhost and change their web app configurations to connect to the database via localhost.

Change History (3)

comment:1 Changed 8 years ago by Jamie McClelland

See #4319.

comment:2 Changed 8 years ago by Daniel Kahn Gillmor

perhaps we could also help that member connect over an ssh tunnel, to have one fewer public-facing network service running on this host?

comment:3 Changed 8 years ago by Jamie McClelland

Looks like putty supports ssh tunnels, which should make this possible on a windows client.

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.