Using bind-address in mysql configuration prevents CA Spectrum Report Manager (SRM) from working

book

Article ID: 131226

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction

Adding "bind-address = x.x.x.x" to the my-spectrum.cnf to allow remote connections seems to have prevented OC SRM from working properly.

Cause

Bind-address limits/allows connections from any/all devices from that same subnet as specified. For example, if bind-address = 19.2.168.0.1 is used, then any host on the 192.168.0.x subnet would be able to connect to mysql but outside that subnet would not work.

This generally is not recommended due to security issues.

Environment

Spectrum 10.x

Resolution

The suggested way to allow remote connections is to:

  1. Use a Secure SSH Tunnel.

    https://dev.mysql.com/doc/refman/5.7/en/windows-and-ssh.html

  2. Utilizing MySQL GRANT statements and limiting connection to IP/Username.

    For example:

    GRANT ALL ON reporting.* TO 'user123'@'192.168.0.1' IDENTIFIED BY 'password123';
    FLUSH PRIVILEGES;

The above will allow the user 'user123' to connect from 192.168.0.1 with all permissions to the reporting database.

Ideally the permissions would also be limited to those needed, I.e. SELECT, INSERT, etc.

By default Broadcom MySQL Server does NOT allow remote connections except for SSH as it is a secure tunnel.