Posted: 2013-11-08 23:51:42
To allow direct client connections to MySQL from outside systems…
Edit MySQL’s configuration file –
Change MySQL’s IP binding from “127.0.0.1” to “0.0.0.0”:
bind-address = 0.0.0.0
This will allow MySQL to listen on all the assigned IPs of the system (including 127.0.0.1), such as the LAN IP and possibly the Public IP (if you’re not behind a Router).
Then you’ll need to –
Update the MySQL user account’s (the account to be allowed access to from outside) “Host:” field to either: “%” (which means it can be accessed from ANY IP) or to the specific outside system’s IP address. This part has nothing to do with the local IPs or the server’s public IP… It’s all about the client IP. You can do this via phpMyAdmin (Users Tab), or via the MySQL Shell.
* This is only done to allow direct-to-MySQL connections from outside, and is NOT done for accessing phpMyAdmin from outside. In the later case phpmyadmin always accesses MySQL locally (from 127.0.0.1).
* Remember to set the correct Windows Firewall rules to allow incoming port 3306 connections. Windows Firewall will block these by default.
* Your Router will need to be configured to “port-forward” all incoming port 3306 TCP + UDP connections to the LAN IP of the server MySQL is running on. Otherwise, the Router will not know what to do with the incoming connections / to what system to forward them to.
To allow login access to phpMyAdmin from an outside system…
Login to /phpmyadmin locally (via user: root) and create 2 new user accounts with the same name and password, one with the “Host” field set to “127.0.0.1” and one with the “Host” field set to “localhost”.
The “Host” field is set so because phpMyAdmin is a server-local script that always accesses MySQL from IP:127.0.0.1 (or Host:localhost) regardless of the accessing user’s location. The “Host:” value is what MySQL checks when a connection is established to it, and if it does not match, access is refused.
Grant this account specific permissions only on the databases it should be able to read/write.
WampDeveloper Pro provides an additional level of security to phpMyAdmin via a user-name + ip-address access list in phpMyAdmin’s config.inc.php file. All users are blocked by default (from non-local access) and have to be specifically white-listed.
Update the access list by adding in “allow mysql-account-user-name from all” to allow that account the ability to login to /phpmyadmin from any outside IP…
Edit phpMyAdmin’s configuration file –
Insert access permissions for the username and the allowed IP address (or IP range) into the array:
/* * phpMyAdmin does no user management and will not cross-check the MySQL account's host with the incoming connection's ip/host */ $cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow'; $cfg['Servers'][$i]['AllowDeny']['rules'] = array( // deny everyone by default 'deny % from all', // allow all users from the local system 'allow % from localhost', 'allow % from 127.0.0.1', 'allow % from ::1', // add more usernames and their IP (or IP ranges) here - // ... "allow mysql-account-user-name from all", );
* For this case: you do NOT need to switch MySQL from listening/binding on 127.0.0.1 to 0.0.0.0 (keep my.ini “bind-address = 127.0.0.1″), as phpMyAdmin is a local script that accesses MySQL locally regardless of the accessing user’s IP.
* You should: create a new MySQL account to use for connecting from outside, give it only specific permissions on the databases it should be able to read/write, try not to re-use user:root, nor change any existing accounts.
* The only way to logout of phpMyAdmin is to fully close the Browser.
* WampDeveloper doesn’t have a password for user:root set by default (since it’s secured to local network access only). If you do set the password, make sure to do so for all root accounts (127.0.0.1, localhost, ::1), and update WampDeveloper.xml with the new password (if you need the WebApps Tab functionality to work).