Multiple instances of MySQL

DAve dave.list at pixelhammer.com
Tue Apr 7 05:55:49 PDT 2009


Paul Schmehl wrote:
> --On April 6, 2009 11:41:06 PM -0400 DAve <dave.list at pixelhammer.com> 
> wrote:
> 
>> Olivier Nicole wrote:
>>> Hi,
>>>
>>>> Has anyone setup two instances of MySQL on the same server? One
>>>> running  just a client's DBs? Any advice would be helpful.
>>>
>>> That is not answering your question directly, but MySQL works finr
>>> over an SSH tunnel.
>>>
>>> You'd have your users connect/authenticate with SSH first to establish
>>> the tunnel, then they'd use the tunnel to forward the NySQl
>>> connection.
>>
>> I doubt the would be an option without a GUI to do everything for the
>> user. I suggested a VPN which we can setup easily with a Cisco Client.
>> No answer back from the account manager on that option.
>>
> 
> If your client needs a gui to access mysql, why not use phpmyadmin (or a 
> similar gui-based admin utility) and restrict access to his IP(s)?  You 
> can do this with your firewall rules or by using .htaccess.  You can 
> also force SSL connections, which would protect against MITM attacks on 
> a cleartext session.

Nope, no web based php admin tools here. Won't touch them. I ahve enough 
security items to track every day.

> 
> (You can also require SSL and secure auth for the db and restrict access 
> by IP using the format username at fqdn, but you stated that you're not 
> comfortable depending *only* upon mysql's security capabilities.)
> 
> However, I would suggest that you provide, as you suggest, a separate 
> instance of mysql just for this client as well.  If they screw up the 
> instance they won't affect other customers.  To run a separate instance, 
> I would suggest using different names for the binaries, conf files and 
> datadir.  This can be easily done using symlinks; e.g. mysql and 
> mysql-special.  Then copy the startup script in /usr/local/etc/rc.d/, 
> rename it to mysql-special and edit it to change all references to the 
> newly-named instance.  Use a my-special.cnf file for the special 
> instance and reference it in /etc/rc.conf using mysql_args=.

Thanks, looks like it would be doable. I do plan to use a separate 
my.cnf, separate logging, and even a seperate mysql DB. I was going to 
share the binaries but I may rethink that decision after your suggestion.

Thanks for the response.

DAve


-- 
"Posterity, you will know how much it cost the present generation to
preserve your freedom.  I hope you will make good use of it.  If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Quincy Adams

http://appleseedinfo.org



More information about the freebsd-questions mailing list