#1
  1. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2016
    Location
    Lakewood, WA
    Posts
    196
    Rep Power
    17

    Remote DB Access


    I use MySQL, but this is a general DB question...

    I'd like to use the MySQL Workbench to access my MySQL server, which is on a "cloud" image of CentOS.

    Currently, I'm using command line or phpMyAdmin.

    But MySQL Workbench would of course run on my machine on my desk in my lovely home many zillions of miles from this cloud...

    When setting up MySQL, I almost certainly said "no" when asked about remote access, but I can of course change that.

    SO, the question is:

    1. Is allowing remote access so I can use the MySQL Workbench application "dangerous" from a hacking standpoint?

    2. Would it help if I used a non-standard port?

    3. Should I perhaps open the port when I want to use the Workbench app and close the port when done (inconvenient)?

    4. Is all of this too much trouble?

    I've never used the Workbench application, but it's intriguing, and I wanted to see if it offers me any benefits visualizing and tuning my databases and tables...

    - Thanks, Arty...
  2. #2
  3. Lord of the Dance
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Oct 2003
    Posts
    4,123
    Rep Power
    2010
    1) If you open up something, then it will lower the security at some point.
    2) It might be able to stop something, but a port is still open.
    3) I would say that depend at how much you need it open.
    4) Maybe you should decide why you want to use Workbench instead of command line or phpMyAdmin.
    No matter how you want to access the data remotely, with phpMyAdmin or something else, you still require a port open; so just looking at that part only - "it is the same".
    One way to improve the security, is to only allow access from a specific IP.

    You say you can use command line? How do you get access by that?
    Have you considered any form of VPN connection, if possible?
  4. #3
  5. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2016
    Location
    Lakewood, WA
    Posts
    196
    Rep Power
    17
    You say you can use command line? How do you get access by that?
    I have root access / terminal access. I use sudo when I need root, of course.
    Have you considered any form of VPN connection, if possible?
    No. Guess I should learn how...
  6. #4
  7. Lazy Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,279
    Rep Power
    9645
    Are you using SSH? MySQL Workbench can use it to connect.

    You can also do that manually. Use port forwarding to create a tunnel over SSH: pick a port on your computer and "map" that to the MySQL server.
    Example: with command-line ssh, mapping port 9000 to the server's own 3306 would be
    Code:
    ssh [options...] -i /path/to/key.pem -L 9000:localhost:3306 user@host
    Or if you're connecting to a different server that isn't running MySQL but has access to the one that is (say, 10.0.0.123),
    Code:
    ssh [options...] -i /path/to/key.pem -L 9000:10.0.0.123:3306 user@host
    With Putty the options are in Connection > SSH > Tunnels, and it's a "local" forward.
    Last edited by requinix; March 30th, 2017 at 03:49 AM.

IMN logo majestic logo threadwatch logo seochat tools logo