Table of Contents
Advertisement
6.3.7. Connecting to MySQL Remotely from Windows with SSH
This section describes how to get a secure connection to a remote MySQL server with SSH. The
information was provided by David Carlson <dcarlson@mplcomm.com>.
1. Install an SSH client on your Windows machine. As a user, the best nonfree one I have found is
from
SecureCRT
secure.com/. You can also find some free ones on
Computers/Internet/Protocols/SSH/Clients/Windows/.
2. Start your Windows SSH client. Set
userid=your_userid
user name of your MySQL account.
3. Set up port forwarding. Either do a remote forward (Set
yourmysqlservername_or_ip,
host:
4. Save everything, otherwise you will have to redo it the next time.
5. Log in to your server with the SSH session you just created.
6. On your Windows machine, start some ODBC application (such as Access).
7. Create a new file in Windows and link to MySQL using the ODBC driver the same way you normally
do, except type in
At this point, you should have an ODBC connection to MySQL, encrypted using SSH.
6.3.8. SQL-Based MySQL Account Activity Auditing
Applications can use the following guidelines to perform SQL-based auditing that ties database activity
to MySQL accounts.
MySQL accounts correspond to rows in the
the server authenticates the client to a particular row in this table. The
in this row uniquely identify the account and correspond to the
which account names are written in SQL statements.
The account used to authenticate a client determines which privileges the client has. Normally, the
CURRENT_USER()
user. Its value is constructed from the
However, there are circumstances under which the
not to the client user but to a different account. This occurs in contexts when privilege checking is not
based the client's account:
• Stored routines (procedures and functions) defined with the
characteristic.
• Views defined with the
• Triggers (as of MySQL 5.0.17).
In those contexts, privilege checking is done against the
CURRENT_USER()
stored routine or view or who caused the trigger to activate. To determine the invoking user, you can
call the
USER()
the client and the host from which the client connected. However, this value does not necessarily
correspond directly to an account in the
Connecting to MySQL Remotely from Windows with SSH
from http://www.vandyke.com/. Another option is
to log in to your server. This
localhost,
remote port:
localhost
[959]
function can be invoked to determine which account this is for the client
SQL SECURITY DEFINER
[959]
refers to that account, not to the account for the client who invoked the
[964]
function, which returns a value indicating the actual user name provided by
Google
yourmysqlserver_URL_or_IP. Set
Host_Name =
remote_port: 3306
3306).
for the MySQL host server, not yourmysqlservername.
mysql.user
and
columns of the
User
Host
CURRENT_USER()
characteristic (as of MySQL 5.0.24).
DEFINER
table, because the
user
614
f-secure
at
http://directory.google.com/Top/
value might not be the same as the
userid
local_port:
3306,
) or a local forward (Set
table. When a client connects successfully,
and
User
'user_name'@'host_name'
table row for the account.
user
[959]
value corresponds
SQL SECURITY DEFINER
account and
[964]
USER()
from
http://www.f-
remote_host:
port:
3306,
column values
Host
format in
value never contains
Advertisement
Chapters
Table of Contents
Troubleshooting
Need help?
Do you have a question about the 5.0 and is the answer not in the manual?
Questions and answers