Opened 7 years ago

Last modified 7 years ago

#4323 new Bug/Something is broken

audit mysql users on viewsic

Reported by: https://id.mayfirst.org/jamie Owned by: https://id.mayfirst.org/jamie
Priority: Medium Component: Tech
Keywords: mysql viewsic permissions Cc:
Sensitive: no

Description

During a past period, viewsic ran a network-accessible MySQL server for multiple hosts, which connected to it via mysql.mayfirst.org.

As a result of that legacy, many MySQL users that are on viewsic still access the database via mysql.mayfirst.org rather than localhost.

At least one user (TDU) does access their database remotely (and needs to), so we are still running MySQL on a publicly accessible interface for them.

However, for all MySQL users on viewsic who are accessing the database from viewsic, we should change their MySQL permissions to restrict their access to localhost and change their web app configurations to connect to the database via localhost.
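One way to plan the audit described above, as an added example that is not part of the ticket or May First's own tooling: it takes `(user, host)` rows as returned by `SELECT user, host FROM mysql.user` and emits `RENAME USER` statements for accounts that can be pinned to localhost. The account names, the sample rows and the `remote_allowlist` parameter are constructed for illustration.

```python
# Added example: plan the localhost-only restriction from mysql.user rows.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def quote(value):
    """Quote an account part as a MySQL single-quoted string literal."""
    return "'" + value.replace("\\", "\\\\").replace("'", "''") + "'"

def plan_restrictions(accounts, remote_allowlist):
    """Return (statements, review).

    statements: RENAME USER statements that are safe to run as-is
                (RENAME USER keeps the account's existing grants).
    review:     (user, host, reason) rows that need a manual decision.
    """
    existing = set(accounts)
    planned = set()            # users already being moved to localhost
    statements, review = [], []
    for user, host in sorted(existing):
        if host in LOCAL_HOSTS:
            continue           # already restricted
        if user in remote_allowlist:
            review.append((user, host, "kept: remote access still required"))
        elif (user, "localhost") in existing or user in planned:
            # RENAME USER would fail because the target account exists.
            review.append((user, host,
                           "localhost account exists: compare grants, then drop"))
        else:
            planned.add(user)
            statements.append(
                f"RENAME USER {quote(user)}@{quote(host)} "
                f"TO {quote(user)}@'localhost';")
    return statements, review

# Constructed sample rows, not real accounts on viewsic.
SAMPLE_ROWS = [
    ("root", "localhost"),
    ("member_blog", "%"),
    ("member_wiki", "%"),
    ("member_wiki", "localhost"),
    ("member_shop", "%"),
    ("member_shop", "203.0.113.7"),
    ("remote_member", "%"),    # stands in for the one member who connects remotely
]

if __name__ == "__main__":
    stmts, todo = plan_restrictions(SAMPLE_ROWS, {"remote_member"})
    print("\n".join(stmts))
    for row in todo:
        print("REVIEW:", *row)
```

Each renamed account's web app configuration still has to be pointed at localhost, as the ticket says, before the statement is run.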

Change History (3)

comment:1 Changed 7 years ago by https://id.mayfirst.org/jamie

See #4319.

comment:2 Changed 7 years ago by https://id.mayfirst.org/dkg

Perhaps we could also help that member connect over an ssh tunnel, to have one fewer public-facing network service running on this host?

comment:3 Changed 7 years ago by https://id.mayfirst.org/jamie

Looks like PuTTY supports ssh tunnels, which should make this possible on a Windows client.
