MYSQL - remote server connection (not really a Delphi issue)

Database
1

Playing with (for the first time) remotely hosted MySQL and am having trouble with my HOSTing supplier getting a working GENERIC configuration IE I can connect but I need to whitelist my ISP (host) this seems a bit OTT as white listing every user of this APP (and there may be 3 or 4 :slight_smile: LOL) is a pain.

That said I may have missed something…

Can someone (not hosted by TPG or sub host iinet / internode etc) please use the fireDAC DBExplorer

mySQL
mySQL1486×1112 190 KB

MySQLAccessIssue
MySQLAccessIssue889×699 28 KB

or MySQL console to TRY and connect the server and send me the error message
server : tryracing.info
DataBase : tryracin_WuN
Port : 3306
User : tryracin_WuN_Admin BUT not important as I need the connection fail error

as the error is cannot connect
‘tryracin_WuN_Admin’@’ < myIPAddress > . < myISPHOSTURL >’

Linden

2

Hi Linden,

It worries me greatly that you have such a lack of understanding of matters relating to modern security and that you’ll be handling your customers data, and potentially their customers data in such a casual way. Hopefully soon laws will be in place to that provide serious financial penalties for such behaviour.
At least your host is part way trying to force you to do the right thing.

I know this sounds harsh, but this is just not acceptable in 2022.

3

I have to agree with Andrew - exposing a database engine to the internet is asking for trouble. If you must do that, use a vpn connection at least.

Whitelisting ip’s is not secure, ip’s can be spoofed.

4

Thanks to you both

BUT WOW

It worth noting that I am aware (very) of the potential for hacking however the implications of said hack are inversely proportional to the data stored in said location ie the difference between a list of candy crush scores by nickname as opposed to Passport No / Drivers License No with Name and address.

My need is 100% in the former (perhaps ever lower care factor) so can you let me worry about the security implications - BTW it is worth noting that the risk between them giving pass worded access to a specific MySQL DB is lower than say direct access to my hosting service (and hence the same DB + others) … access to which is international and only single layer protected with a readily deduced username… so maybe they were not really protecting me so much as just … anyway

That said I have found a cheap DB hosting service that will handle my need for a Q&D proto type / proof of concept / demo - before I move to a more robust (but still only trivial data) solution