Multiple instances of MySQL
DAve
dave.list at pixelhammer.com
Tue Apr 7 05:55:49 PDT 2009
Paul Schmehl wrote:
> --On April 6, 2009 11:41:06 PM -0400 DAve <dave.list at pixelhammer.com>
> wrote:
>
>> Olivier Nicole wrote:
>>> Hi,
>>>
>>>> Has anyone setup two instances of MySQL on the same server? One
>>>> running just a client's DBs? Any advice would be helpful.
>>>
>>> That is not answering your question directly, but MySQL works finr
>>> over an SSH tunnel.
>>>
>>> You'd have your users connect/authenticate with SSH first to establish
>>> the tunnel, then they'd use the tunnel to forward the NySQl
>>> connection.
>>
>> I doubt the would be an option without a GUI to do everything for the
>> user. I suggested a VPN which we can setup easily with a Cisco Client.
>> No answer back from the account manager on that option.
>>
>
> If your client needs a gui to access mysql, why not use phpmyadmin (or a
> similar gui-based admin utility) and restrict access to his IP(s)? You
> can do this with your firewall rules or by using .htaccess. You can
> also force SSL connections, which would protect against MITM attacks on
> a cleartext session.
Nope, no web based php admin tools here. Won't touch them. I ahve enough
security items to track every day.
>
> (You can also require SSL and secure auth for the db and restrict access
> by IP using the format username at fqdn, but you stated that you're not
> comfortable depending *only* upon mysql's security capabilities.)
>
> However, I would suggest that you provide, as you suggest, a separate
> instance of mysql just for this client as well. If they screw up the
> instance they won't affect other customers. To run a separate instance,
> I would suggest using different names for the binaries, conf files and
> datadir. This can be easily done using symlinks; e.g. mysql and
> mysql-special. Then copy the startup script in /usr/local/etc/rc.d/,
> rename it to mysql-special and edit it to change all references to the
> newly-named instance. Use a my-special.cnf file for the special
> instance and reference it in /etc/rc.conf using mysql_args=.
Thanks, looks like it would be doable. I do plan to use a separate
my.cnf, separate logging, and even a seperate mysql DB. I was going to
share the binaries but I may rethink that decision after your suggestion.
Thanks for the response.
DAve
--
"Posterity, you will know how much it cost the present generation to
preserve your freedom. I hope you will make good use of it. If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Quincy Adams
http://appleseedinfo.org
More information about the freebsd-questions
mailing list