mySQL remote user account

Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

SimonMac replied

26 May 2019, 14:28
Originally posted by NickFitz View Post

As you suspect, that's pretty insecure, though I've often done it myself just to make life easier

You should be able to create a user such as 'simonmacs-amazing-backup-automaton'@'simonmacs-dynamic-dns-name.example.com' which will work as long as your dynamic DNS thing auto-updates when your IP changes.

Note that the username and domain bits should be in their own sets of quotes and the @ not, as explained in the docs at MySQL 8.0 Reference Manual :: 6.2.4 Specifying Account Names

Thanks, will have a go at that, I tried to look at those pages but got lost when they started talking about reverse DNS and the like
Leave a comment:
NickFitz replied

25 May 2019, 12:30
Originally posted by SimonMac View Post

Seems creating a user name user@% allows it from all IP's, probably not the securest method but it works

As you suspect, that's pretty insecure, though I've often done it myself just to make life easier

Originally posted by SimonMac View Post

I know I can create a user account user@publicIPaddress but as I do not have a static IP from my ISP so it will change periodically.

Is there a method for getting this to work with a single user account? I have a dynamic DNS setting so user@dynamicDNSname will always resolve the same place even when the IP address changes

You should be able to create a user such as 'simonmacs-amazing-backup-automaton'@'simonmacs-dynamic-dns-name.example.com' which will work as long as your dynamic DNS thing auto-updates when your IP changes.

Note that the username and domain bits should be in their own sets of quotes and the @ not, as explained in the docs at MySQL 8.0 Reference Manual :: 6.2.4 Specifying Account Names

The user name and host name need not be quoted if they are legal as unquoted identifiers. Quotes are necessary to specify a user_name string containing special characters (such as space or -), or a host_name string containing special characters or wildcard characters (such as . or %) (for example, 'test-user'@'%.com').

Quote user names and host names as identifiers or as strings, using either backticks (`), single quotation marks ('), or double quotation marks ("). For string-quoting and identifier-quoting guidelines, see Section 9.1.1, “String Literals”, and Section 9.2, “Schema Object Names”.

The user name and host name parts, if quoted, must be quoted separately. That is, write 'me'@'localhost', not 'me@localhost'; the latter is actually equivalent to 'me@localhost'@'%'.
Leave a comment:
SimonMac replied

24 May 2019, 09:25
Originally posted by TheGreenBastard View Post

Bit of an anti-pattern if you want to have some resemblance of security, you're basically opening it up to the world for convenience. You probably already know this feels wrong and is wrong.

Typically you might have a "jump box" in this situation; a server instance on the Azure network which is white-listed to communicate with the MySQL server; this box is secured however to restrict access to trusted parties and you connect via SSH through the jump box. Most database clients that work with MySQL make this pretty seamless when creating a connection configuration using a SSH tunnel type connection.

A jump box creates a common audit log if setup that way too.

The mySQL box is on a NSG that is configured to only allow connections from my public IP, or from within the VLAN that the box and other webservers are attached to.

Not fool proof but hopefully reduced the risk
Leave a comment:
TheGreenBastard replied

24 May 2019, 08:36
Originally posted by SimonMac View Post

Seems creating a user name user@% allows it from all IP's, probably not the securest method but it works

Bit of an anti-pattern if you want to have some resemblance of security, you're basically opening it up to the world for convenience. You probably already know this feels wrong and is wrong.

Typically you might have a "jump box" in this situation; a server instance on the Azure network which is white-listed to communicate with the MySQL server; this box is secured however to restrict access to trusted parties and you connect via SSH through the jump box. Most database clients that work with MySQL make this pretty seamless when creating a connection configuration using a SSH tunnel type connection.

A jump box creates a common audit log if setup that way too.
Leave a comment:
SimonMac replied

23 May 2019, 16:55
Originally posted by woohoo View Post

I don't mean this in a funny way like go and google it. But the last couple of times I've contacted Azure with a question they have been really helpful. Might be worth asking them.

Seems creating a user name user@% allows it from all IP's, probably not the securest method but it works
Leave a comment:
woohoo replied

23 May 2019, 14:12
I don't mean this in a funny way like go and google it. But the last couple of times I've contacted Azure with a question they have been really helpful. Might be worth asking them.
Leave a comment:
SimonMac started a topic mySQL remote user account

23 May 2019, 13:39
mySQL remote user account
I am trying to backup an Azure mySQL database, I understand I need to create a user account on @remotehost called user@localhost

However when I run the mysqldump command the user is coming back as user@publicIPaddress rather than user@localhost

Code:

Access denied for user 'backup'@'2.xxx.xxx.xxx' (using password: YES) when trying to connect

I know I can create a user account user@publicIPaddress but as I do not have a static IP from my ISP so it will change periodically.

Is there a method for getting this to work with a single user account? I have a dynamic DNS setting so user@dynamicDNSname will always resolve the same place even when the IP address changes
Last edited by SimonMac; 23 May 2019, 13:42.
Tags: None