IP restricted access to the TYPO3 database

 

Web server running on one specific IP

Say you have a database server running on IP 192.168.2.2 and a web server running on IP 192.168.2.1. The database name is typo3, the database user name is foo, and the password is bar.

As the database server administrator, issue the following commands:

GRANT ALL PRIVILEGES ON typo3.* TO 'foo'@'localhost' IDENTIFIED BY 'bar';
GRANT ALL PRIVILEGES ON typo3.* TO 'foo'@'192.168.2.1' IDENTIFIED BY 'bar';

Afterwards, access to the TYPO3 database is restricted to the database server itself and to the single IP address the web server is using.

 

Web servers running in a specific subnet

Say you have a database server running on IP 192.168.2.2 and web servers running on subnet 192.168.1.0/24. The database name is typo3, the database user name is foo, and the password is bar.

As the database server administrator, issue the following commands:

GRANT ALL PRIVILEGES ON typo3.* TO 'foo'@'localhost' IDENTIFIED BY 'bar';
GRANT ALL PRIVILEGES ON typo3.* TO 'foo'@'192.168.2.%' IDENTIFIED BY 'bar';

Of course, instead of the wildcard in the second command, you could use the subnet itself, written as base address and netmask:

GRANT ALL PRIVILEGES ON typo3.* TO 'foo'@'192.168.2.0/255.255.255.0' IDENTIFIED BY 'bar';

Afterwards, access to the TYPO3 database is restricted to the database server itself and to the subnet the web servers are using.
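
Before issuing a grant, it helps to check which client addresses a host pattern actually admits. The following is an added example, not part of the original page: it models the server's matching of IPv4 literal, wildcard and base address/netmask patterns offline. The function names and the sample client addresses are constructed for illustration.

```python
import ipaddress
import re


def host_pattern_admits(pattern: str, client_ip: str) -> bool:
    """True if a MySQL account host pattern admits the IPv4 client_ip.

    Models the forms used in the grants above: a literal address, a
    LIKE-style wildcard ('%' = any run of characters, '_' = exactly one)
    and base_ip/netmask. Host names are not resolved (assumption).
    """
    client = ipaddress.IPv4Address(client_ip)
    if "/" in pattern:
        base, mask = pattern.split("/", 1)
        if "." not in mask:
            raise ValueError("this model accepts only a dotted netmask")
        # The client is admitted when client_ip & netmask == base_ip.
        mask_int = int(ipaddress.IPv4Address(mask))
        return (int(client) & mask_int) == int(ipaddress.IPv4Address(base))
    # Wildcards are matched against the address as a string.
    regex = "".join(
        ".*" if ch == "%" else "." if ch == "_" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, str(client)) is not None


def admitted_clients(pattern, clients):
    """Return the subset of clients that the host pattern lets in."""
    return [ip for ip in clients if host_pattern_admits(pattern, ip)]


# Constructed sample client addresses.
CLIENTS = ["192.168.2.1", "192.168.2.77", "192.168.20.5", "192.168.1.10"]

if __name__ == "__main__":
    for pattern in ("192.168.2.1", "192.168.2.%", "192.168.2%",
                    "192.168.2.0/255.255.255.0", "%"):
        print(f"{pattern!r:30} -> {admitted_clients(pattern, CLIENTS)}")
```

Note the difference between '192.168.2.%' and '192.168.2%': without the trailing dot, the wildcard also admits 192.168.20.5.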

 

Do not, I repeat, never use host names, as this would result in name server lookups for every connection/query. Use IPs only!
