Originally posted by NickFitz
View Post
The firewall at Amazon's end imposes a very strict security model. As far as I can tell, if you open a port (e.g. 3306 for MySQL) you have to specify an IP address or range, not a hostname - and obviously I don't want to open the database server up to a range of randomly-assigned Virgin IP addresses, even though there's only a minimal chance of some random bot on some local loser's machine trying to break into MySQL and happening across my server. So, when my IP changes, I have to close off the old IP address and open things up for the new one. Still, the Elasticfox FF extension makes that part pretty easy.
The MySQL server checks privileges for the incoming user and host combination, but when it does a reverse DNS lookup on the IP address the hostname it gets is something like cpc1-town8-0-0-cust666.twn5.cable.ntl.com, which also changes when the IP address changes. Once I SSH in (which uses keypairs) and use the MySQL command line to grant the requisite privileges to 'user'@'123.123.123.12', I'm then able to use the GUI-based MySQL admin tools on my laptop to connect and get rid of the old hostnames associated with 'user'. I could grant those privileges to 'user' for any host, but again that's potentially risky if some bot or hacker is trying the door handles (despite my very secure password).
The real problem was that this is the first time my IP address has changed since I set this lot up, so when a connection profile that worked yesterday suddenly stopped working, it took me a while to work out what was going on
The MySQL server checks privileges for the incoming user and host combination, but when it does a reverse DNS lookup on the IP address the hostname it gets is something like cpc1-town8-0-0-cust666.twn5.cable.ntl.com, which also changes when the IP address changes. Once I SSH in (which uses keypairs) and use the MySQL command line to grant the requisite privileges to 'user'@'123.123.123.12', I'm then able to use the GUI-based MySQL admin tools on my laptop to connect and get rid of the old hostnames associated with 'user'. I could grant those privileges to 'user' for any host, but again that's potentially risky if some bot or hacker is trying the door handles (despite my very secure password).
The real problem was that this is the first time my IP address has changed since I set this lot up, so when a connection profile that worked yesterday suddenly stopped working, it took me a while to work out what was going on
Comment