Using bind-address in mysql configuration prevents CA Spectrum Report Manager (SRM) from working
Article ID: 131226
Updated On:
Products
CA Spectrum
Issue/Introduction
Adding "bind-address = x.x.x.x" to the my-spectrum.cnf to allow remote connections seems to have prevented OC SRM from working properly.
Environment
Spectrum 10.x
Cause
Bind-address limits/allows connections from any/all devices from that same subnet as specified. For example, if bind-address = 19.2.168.0.1 is used, then any host on the 192.168.0.x subnet would be able to connect to mysql but outside that subnet would not work.
This generally is not recommended due to security issues.
This generally is not recommended due to security issues.
Resolution
The suggested way to allow remote connections is to:
The above will allow the user 'user123' to connect from 192.168.0.1 with all permissions to the reporting database.
Ideally the permissions would also be limited to those needed, I.e. SELECT, INSERT, etc.
By default Broadcom MySQL Server does NOT allow remote connections except for SSH as it is a secure tunnel.
- Use a Secure SSH Tunnel.
https://dev.mysql.com/doc/refman/5.7/en/windows-and-ssh.html - Utilizing MySQL GRANT statements and limiting connection to IP/Username.
For example:
GRANT ALL ON reporting.* TO 'user123'@'192.168.0.1' IDENTIFIED BY 'password123';
FLUSH PRIVILEGES;
The above will allow the user 'user123' to connect from 192.168.0.1 with all permissions to the reporting database.
Ideally the permissions would also be limited to those needed, I.e. SELECT, INSERT, etc.
By default Broadcom MySQL Server does NOT allow remote connections except for SSH as it is a secure tunnel.
Feedback
Yes
No
Powered by
