Connecting from different host in different network.

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
jlising
Forum Commoner
Posts: 33
Joined: Mon Mar 19, 2007 1:48 am
Location: Pampanga, Philippines
Contact:

Connecting from different host in different network.

Post by jlising »

Hello,

Is it possible to connect a php script to mysql server located to different network?

like for example, i have a script in http://www.myphpserver.com and connect it to http://www.mymysqlserver.com.

If possible, what are the procedures and precautions should i follow.

Thanks!
bdlang
Forum Contributor
Posts: 395
Joined: Tue May 16, 2006 8:46 pm
Location: Ventura, CA US

Post by bdlang »

Yes, as long as the MySQL server allows connections from either all hosts or the specific host PHP is on, and the MySQL user you connect with is able to connect from the same host.

Do you have administrator privileges on the MySQL server?
User avatar
jlising
Forum Commoner
Posts: 33
Joined: Mon Mar 19, 2007 1:48 am
Location: Pampanga, Philippines
Contact:

Post by jlising »

Thanks for the reply.

Yes i have an administrator account.
bdlang
Forum Contributor
Posts: 395
Joined: Tue May 16, 2006 8:46 pm
Location: Ventura, CA US

Post by bdlang »

Alright, then it should be easy enough to give the user the permissions they need to access the database(s) from that address. Don't forget to make sure your MySQL server's port 3306 is not blocked, and make sure that it uses TCP to listen on 3306 (take a look at the skip-networking config option, make sure it's commented out in either the server startup or the my.cnf).
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Also, make sure the MySQL user is given just enough permissions to do what it needs, nothing more. That probably means restricted to a few tables, and ability to select, insert, possibly update, but nothing else.
bdlang
Forum Contributor
Posts: 395
Joined: Tue May 16, 2006 8:46 pm
Location: Ventura, CA US

Post by bdlang »

I agree. This is also why I don't recommend using the '%' wildcard to allow all hosts to connect.
User avatar
jlising
Forum Commoner
Posts: 33
Joined: Mon Mar 19, 2007 1:48 am
Location: Pampanga, Philippines
Contact:

Post by jlising »

Thanks a lot guys! This is very informative.
Post Reply