From: DAve
Date: Tue, 07 Apr 2009 08:55:26 -0400
To: freebsd-questions@freebsd.org
Subject: Re: Multiple instances of MySQL

Paul Schmehl wrote:
> --On April 6, 2009 11:41:06 PM -0400 DAve wrote:
>
>> Olivier Nicole wrote:
>>> Hi,
>>>
>>>> Has anyone set up two instances of MySQL on the same server? One
>>>> running just a client's DBs? Any advice would be helpful.
>>>
>>> That is not answering your question directly, but MySQL works fine
>>> over an SSH tunnel.
>>>
>>> You'd have your users connect/authenticate with SSH first to establish
>>> the tunnel, then they'd use the tunnel to forward the MySQL
>>> connection.
>>
>> I doubt that would be an option without a GUI to do everything for the
>> user. I suggested a VPN which we can set up easily with a Cisco Client.
>> No answer back from the account manager on that option.
>>
>
> If your client needs a gui to access mysql, why not use phpmyadmin (or a
> similar gui-based admin utility) and restrict access to his IP(s)? You
> can do this with your firewall rules or by using .htaccess. You can
> also force SSL connections, which would protect against MITM attacks on
> a cleartext session.

Nope, no web based php admin tools here. Won't touch them. I have enough
security items to track every day.

>
> (You can also require SSL and secure auth for the db and restrict access
> by IP using the format username@fqdn, but you stated that you're not
> comfortable depending *only* upon mysql's security capabilities.)
>
> However, I would suggest that you provide, as you suggest, a separate
> instance of mysql just for this client as well. If they screw up the
> instance they won't affect other customers. To run a separate instance,
> I would suggest using different names for the binaries, conf files and
> datadir. This can be easily done using symlinks; e.g. mysql and
> mysql-special. Then copy the startup script in /usr/local/etc/rc.d/,
> rename it to mysql-special and edit it to change all references to the
> newly-named instance. Use a my-special.cnf file for the special
> instance and reference it in /etc/rc.conf using mysql_args=.

Thanks, looks like it would be doable. I do plan to use a separate
my.cnf, separate logging, and even a separate mysql DB. I was going to
share the binaries but I may rethink that decision after your suggestion.

Thanks for the response.

DAve

--
"Posterity, you will know how much it cost the present generation to
preserve your freedom. I hope you will make good use of it. If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Quincy Adams

http://appleseedinfo.org
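
The separate my.cnf, datadir and logging discussed in this thread only isolate the client's instance if the two option files never name the same resource. As an added example (not from the thread, MySQL or FreeBSD), this Python check compares the [mysqld] sections of two option files; the sample files, paths, port 3307 and the assumed defaults are constructed for illustration.

```python
import configparser

# Options that must differ between two mysqld instances on one host.
# Dashes are normalised to underscores: option files accept both spellings.
MUST_DIFFER = ("port", "socket", "datadir", "pid_file", "log_error")
# Defaults assumed when an option is absent (assumption for this example;
# the real built-in values depend on how the server was compiled).
DEFAULTS = {"port": "3306", "socket": "/tmp/mysql.sock"}

# Constructed sample option files; paths and port 3307 are illustrative.
MAIN_CNF = """[mysqld]
port = 3306
socket = /tmp/mysql.sock
datadir = /var/db/mysql
pid-file = /var/db/mysql/mysql.pid
log-error = /var/log/mysql.err
"""
SPECIAL_CNF = """[mysqld]
port = 3307
socket = /tmp/mysql-special.sock
datadir = /var/db/mysql-special
pid_file = /var/db/mysql-special/mysql.pid
log-error = /var/log/mysql.err
"""


def mysqld_options(cnf_text):
    """Return the [mysqld] section of an option file as a normalised dict."""
    parser = configparser.ConfigParser(
        allow_no_value=True, interpolation=None, strict=False)
    parser.read_string(cnf_text)
    opts = dict(DEFAULTS)
    if parser.has_section("mysqld"):
        for key, value in parser.items("mysqld"):
            opts[key.replace("-", "_")] = (value or "").strip()
    return opts


def collisions(cnf_a, cnf_b):
    """List the options on which two instances would share a resource."""
    a, b = mysqld_options(cnf_a), mysqld_options(cnf_b)
    clashes = []
    for opt in MUST_DIFFER:
        if opt not in a or opt not in b:
            clashes.append((opt, "unset in at least one file"))
        elif a[opt] == b[opt]:
            clashes.append((opt, a[opt]))
    return clashes
```

On the sample files it reports only the shared error log, which is the kind of leftover that copying a my.cnf tends to leave behind.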