24

I came across the bind address while trying to configure the MySQL server. The details of why I want to configure the bind address are in the link below.

Multiple hostnames and multiple privileges?

Now, I want to understand the purpose of the bind address. In the sense, is a binding address the address we assign to the machine that is hosting the MySQL server? 

I have no clue. It would be really helpful if someone could explain to me the purpose of it. Also, will assigning 0.0.0.0 to the binding address create any security flaws/loopholes?

OneCricketeer
Karthick

1 Answer

53

The address you specify in bind tells MySQL where to listen. 0.0.0.0 is a special address, which means "bind to every available network".

Only client software which is able to open a connection to the server using the same address that is specified in the 'bind' option will be allowed to connect.

Some examples:

  • If MySQL binds to 127.0.0.1, then only software on the same computer will be able to connect (because 127.0.0.1 is always the local computer).
  • If MySQL binds to 192.168.0.2 (and the server computer's IP address is 192.168.0.2 and it's on a /24 subnet), then any computers on the same subnet (anything that starts with 192.168.0) will be able to connect.
  • If MySQL binds to 0.0.0.0, then any computer which is able to reach the server computer over the network will be able to connect.

These are all transport-level connections. Remote computers still need to qualify for application-level, which is to say they will still require the correct login credentials and host parameters from mysql.user.

Manuel Jordan
Seth
  • Nice explanation. But when I execute `mysql -h 192.168.0.2 -u username -p` I am able to connect to the mysql server if 192.168.0.2 is assigned appropriate permissions. So 192.168.0.2 here is the host of the mysql server but not the client, right? If my understanding about `mysql -h ip` is wrong, please do correct me. – Karthick Aug 24 '10 at 14:10
  • mysql authentication (the username element) also contains a hostname restriction. -h just indicates which host you wanted to connect to. Users may be granted wildcard access. See https://dev.mysql.com/doc/refman/5.7/en/adding-users.html for further details – simon coleman Nov 29 '17 at 19:26
  • 1
    Point (2) is not correct. Any computer that can *reach* that subnet can connect to it. – user207421 Jul 27 '19 at 05:57
  • 1
    Well, point 2 is correct. But, you are also correct that there are other cases that would allow a connection between subnets in addition to the simple case of point 2 (i.e., VPNs, NATs, or other fancy routing). – Seth Jul 27 '19 at 19:53
  • Point (2) is confusing to me. I am able to understand the scenario about the IP with value of `192.168.0.2`. It can connect because it is explicitly the same as `bind-address`, but later you are indicating that others such as `192.168.0.3` can connect. Is that correct? – Manuel Jordan Oct 04 '19 at 22:07
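
As an added example (not part of the question, the answer or the comments, and not MySQL's own code): a small Python check that reads the `[mysqld]` section of an option file and reports which of the answer's three cases a `bind-address` value falls into. The sample config is constructed, the function names are hypothetical, and an unset `bind-address` is assumed to mean all interfaces (the MySQL 5.6.6+ default of `*`).

```python
import ipaddress

# Constructed sample option file (not from the page).
SAMPLE_CNF = """\
[client]
port = 3306

[mysqld]
# listen on every interface
bind_address = 0.0.0.0
port = 3306
"""

def mysqld_options(cnf_text):
    """Collect [mysqld] options; '-' and '_' are interchangeable in option names."""
    opts, section = {}, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":   # comments and !include directives
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld":
            key, _, value = line.partition("=")
            value = value.split("#", 1)[0].strip().strip("'\"")  # drop inline comment
            opts[key.strip().lower().replace("_", "-")] = value
    return opts

def classify(addr):
    """Map one bind-address value to the exposure case it represents."""
    if addr == "*":
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "hostname"                  # resolved at startup; check what it resolves to
    if ip.is_unspecified:                  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback-only" if ip.is_loopback else "single-interface"

def audit(cnf_text):
    opts = mysqld_options(cnf_text)
    # skip-networking (with no value, or a true value) turns the TCP listener off
    if opts.get("skip-networking", "0").lower() not in ("0", "off", "false"):
        return ["tcp-disabled"]
    # Assumption: unset bind-address means all interfaces (default '*').
    addrs = opts.get("bind-address", "*").split(",")
    return [classify(a.strip()) for a in addrs]

if __name__ == "__main__":
    print(audit(SAMPLE_CNF))
```

A result of `all-interfaces` or `single-interface` means reachability is then decided by routing and firewalls, and access by the host and credential entries in `mysql.user`.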