Best Practices for Securing Remote Access to MySQL
The security of remote access to MySQL is guaranteed by restricting permissions, encrypting communications, and regular audits. 1. Set a strong password and enable SSL encryption. Force --ssl-mode=REQUIRED when connecting to the client; 2. Restrict access to IP and user rights, create a dedicated account and grant the minimum necessary permissions, and disable root remote login; 3. Configure firewall rules, close unnecessary ports, and use springboard machines or SSH tunnels to enhance access control; 4. Enable logging and regularly audit connection behavior, use monitoring tools to detect abnormal activities in a timely manner, and ensure database security.
Remote access to MySQL is part of the daily work of many developers and system administrators, but if not configured correctly, it can become the source of security vulnerabilities. The most direct point is that the security of remote access to MySQL depends on how you restrict access, encrypt communications, and regularly audit connection behavior .
Below are some practical suggestions that can help you do this more securely.
1. Use a strong password and enable SSL encryption
MySQL uses plain text to transmit data by default. If someone monitors network traffic in the middle, the account password may be intercepted. so:
- Set complex passwords to avoid using common vocabulary or default account names.
- Enable SSL connection , enable
sslin the MySQL configuration file and require the client to force it. - When connecting to the client, add
--ssl-mode=REQUIREDparameter to ensure that the connection does not go in plain text.
Although SSL is not omnipotent, it can at least add a layer of protection to the transport layer to prevent "running naked".
2. Restrict access to IP and user permissions
For convenience, many people directly open % permissions to a certain user, that is, allow access from any IP, which is actually very dangerous.
- Only specific IP or IP segments are allowed to access . For example, if you work in the office, you will bind the company's export IP; if it is a dynamic IP, you can consider using a springboard machine or an intranet penetration tool.
- Do not use the root user to log in remotely , create a dedicated account, and grant only the minimum necessary permissions (such as read-only accounts cannot be written).
- Deleting anonymous users and testing databases is often the first step for an attacker.
For example:
CREATE USER 'remote_user'@'192.168.1.100' IDENTIFIED BY 'StrongPass!123'; GRANT SELECT, INSERT ON mydb.* TO 'remote_user'@'192.168.1.100';
The advantage of this is that even if the account is leaked, the scope of impact is limited.
3. Isolate with firewalls and services
In addition to the configuration of MySQL itself, security policies at the operating system level are also critical:
- Close unnecessary ports . MySQL defaults to 3306, ensuring that only this port is exposed to the outside world.
- Configure firewall rules on the server, such as iptables or ufw, to allow only specific IP or subnet access.
- If conditions permit, place the database in a private network and access it through a springboard (Jump Host) or VPN.
For example, you can do this:
- Setting up a firewall allows only IPs from your development machine to access port 3306
- Use SSH tunnel to connect to MySQL, so that even if the 3306 is not open to the public, it can operate remotely
Although this approach is a little bit troublesome, it greatly reduces the risk of being scanned.
4. Regular audit logs and connection records
Many times, security problems do not break out suddenly, but accumulate slowly. so:
- Enable MySQL's slow query log, error log, and general query log to see if there are any abnormal connection attempts.
- Check the current connection regularly and use
SHOW PROCESSLIST;see if someone has occupied resources for a long time. - Use monitoring tools such as Prometheus Grafana or Zabbix to observe database status in real time.
If you find that a strange IP fails to frequently try to connect, it is likely that it is brute-force cracking. At this time, you should update your password or block the IP immediately.
Basically that's it. Remote access to MySQL itself is not difficult, but to be truly secure, you need to start from multiple levels, not just changing a few configurations.
The above is the detailed content of Best Practices for Securing Remote Access to MySQL. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
How to add a primary key to an existing table in MySQL?
Aug 12, 2025 am 04:11 AM
To add a primary key to an existing table, use the ALTERTABLE statement with the ADDPRIMARYKEY clause. 1. Ensure that the target column has no NULL value, no duplication and is defined as NOTNULL; 2. The single-column primary key syntax is ALTERTABLE table name ADDPRIMARYKEY (column name); 3. The multi-column combination primary key syntax is ALTERTABLE table name ADDPRIMARYKEY (column 1, column 2); 4. If the column allows NULL, you must first execute MODIFY to set NOTNULL; 5. Each table can only have one primary key, and the old primary key must be deleted before adding; 6. If you need to increase it yourself, you can use MODIFY to set AUTO_INCREMENT. Ensure data before operation
Explain database indexing strategies (e.g., B-Tree, Full-text) for a MySQL-backed PHP application.
Aug 13, 2025 pm 02:57 PM
B-TreeindexesarebestformostPHPapplications,astheysupportequalityandrangequeries,sorting,andareidealforcolumnsusedinWHERE,JOIN,orORDERBYclauses;2.Full-Textindexesshouldbeusedfornaturallanguageorbooleansearchesontextfieldslikearticlesorproductdescripti
How to back up a database in MySQL
Aug 11, 2025 am 10:40 AM
Using mysqldump is the most common and effective way to back up MySQL databases. It can generate SQL scripts containing table structure and data. 1. The basic syntax is: mysqldump-u[user name]-p[database name]>backup_file.sql. After execution, enter the password to generate a backup file. 2. Back up multiple databases with --databases option: mysqldump-uroot-p--databasesdb1db2>multiple_dbs_backup.sql. 3. Back up all databases with --all-databases: mysqldump-uroot-p
How to change the GROUP_CONCAT separator in MySQL
Aug 22, 2025 am 10:58 AM
You can customize the separator by using the SEPARATOR keyword in the GROUP_CONCAT() function; 1. Use SEPARATOR to specify a custom separator, such as SEPARATOR'; 'The separator can be changed to a semicolon and plus space; 2. Common examples include using the pipe character '|', space'', line break character '\n' or custom string '->' as the separator; 3. Note that the separator must be a string literal or expression, and the result length is limited by the group_concat_max_len variable, which can be adjusted by SETSESSIONgroup_concat_max_len=10000; 4. SEPARATOR is optional
What is the difference between UNION and UNION ALL in MySQL?
Aug 14, 2025 pm 05:25 PM
UNIONremovesduplicateswhileUNIONALLkeepsallrowsincludingduplicates;1.UNIONperformsdeduplicationbysortingandcomparingrows,returningonlyuniqueresults,whichmakesitsloweronlargedatasets;2.UNIONALLincludeseveryrowfromeachquerywithoutcheckingforduplicates,
How to lock tables in MySQL
Aug 15, 2025 am 04:04 AM
The table can be locked manually using LOCKTABLES. The READ lock allows multiple sessions to read but cannot be written. The WRITE lock provides exclusive read and write permissions for the current session and other sessions cannot read and write. 2. The lock is only for the current connection. Execution of STARTTRANSACTION and other commands will implicitly release the lock. After locking, it can only access the locked table; 3. Only use it in specific scenarios such as MyISAM table maintenance and data backup. InnoDB should give priority to using transaction and row-level locks such as SELECT...FORUPDATE to avoid performance problems; 4. After the operation is completed, UNLOCKTABLES must be explicitly released, otherwise resource blockage may occur.
How to select data from a table in MySQL?
Aug 19, 2025 pm 01:47 PM
To select data from MySQL table, you should use SELECT statement, 1. Use SELECTcolumn1, column2FROMtable_name to obtain the specified column, or use SELECT* to obtain all columns; 2. Use WHERE clause to filter rows, such as SELECTname, ageFROMusersWHEREage>25; 3. Use ORDERBY to sort the results, such as ORDERBYageDESC, representing descending order of age; 4. Use LIMIT to limit the number of rows, such as LIMIT5 to return the first 5 rows, or use LIMIT10OFFSET20 to implement paging; 5. Use AND, OR and parentheses to combine
How to use the IN operator in MySQL?
Aug 12, 2025 pm 03:46 PM
TheINoperatorinMySQLchecksifavaluematchesanyinaspecifiedlist,simplifyingmultipleORconditions;itworkswithliterals,strings,dates,andsubqueries,improvesqueryreadability,performswellonindexedcolumns,supportsNOTIN(withcautionforNULLs),andcanbecombinedwith
