DISCLOSURE: This post may contain affiliate links, meaning when you click the links and make a purchase, we receive a commission.
While using databases that run on your local machine, you might have had to make connections to them to set it up or make changes to them. However, if you only run local databases, there is one thing you still need to do, and that is to access the database from a network.
Trying to access your MySQL database from a remote device can be a challenge if not properly set up. Locally you use localhost, so your database authorizes your connection request, but that is not the case through a network.
However, if you are wondering how to access your database, then the answer is MySQL bind-address. Read on to learn more about it and how it helps authorize remote connections.
Why Is MySQL bind-address Needed?
MySQL is usually configured to accept connections from a local socket file (a UNIX socket). The hostname “localhost” implies that it is a UNIX socket. UNIX sockets, however, are faux files, which means they are only accessible within the local server itself.
Because of this, if you want to run a database remotely, on a remote server, for example, then you would have to use the server itself to modify the database. Doing so from your personal computer or some other remote device would not be an option.
That is, however, if you decide not to use MySQL’s bind-address feature. If you do use it then you can add a TCP socket to which the database server will listen for any connections. To understand how it works, we will have to take a deeper dive into its inherent workings.
What Is MySql bind-address
The bind-address setting tells MySQL whether it can listen on a TCP socket for new connections. There are three basic ways to configure bind-address:
- MySQL can bind to no networks (connect over localhost only, e.g. a UNIX socket)
- MySQL can bind to all networks (0.0.0.0)
- MySQL can bind to a specific network, e.g. a public network that the whole internet can reach or a private network that can only be reached from within a data center.
Now which configuration you use will depend on your use case. If you want your database to be only accessible to your on-site dev team, then you can bind it to the local office network so that only those connections are authorized.
If you are setting up a database remote team members also need to access, you can simply bind it to 0.0.0.0. One thing to note here is that after bind-address, while local network connections are automatically validated, remote access will still need users to provide correct login credentials and host parameters from ‘mysql.user’.
Moreover, what if you wanted to bind to more than one address? Say you want to create different network interfaces, such as if an admin connects, they get privileged access, but if a user joins, they get primary access.
For this to be possible, we need to bind more than one address with different levels of control to create separate network interfaces for our MySQL database. If you try googling this problem, you will come across old StackOverflow answers stating that MySQL bind address does not support multiple bindings.
That was true when these old answers were written, but since 2019 MySQL has updated bind-address to support multiple bindings.
Binding To More Than One Address
Before 2019, MySQL bind-address did not support multiple binding addresses. Due to this, you could either authorize a particular subnet or allow all devices to connect by binding it to 0.0.0.0.
This was not an ideal implementation, and network admins had to use other, more complex methods to achieve the aforementioned effect. The reason for this limitation is that previously, bind-address used only one TCP socket, so either you set up the database to bind to one IP or all configured IP addresses.
In the newer implementation, every bind address function call creates a new TCP socket and binds the listening job to that socket. Thus we can add multiple IP addresses to different sockets to create different network interfaces. This is an important implementation that any modern server or backend requires in a commercial setup.
Note that a side effect of introducing support for multiple addresses listening for incoming connections is that every created server socket counts against the limit specified by the –open-files-limit option.
So theoretically, if too many interfaces were specified by the –bind-address option, it could result in the error “Too many open files” if the MySQL server configuration had already opened a large number of files. We do not consider this a major problem many users will face.
So, the next time you set up your database, do not forget to configure its bind-address property. Whether you want all local devices to be authorized or different devices to have different privileges, everything is possible using a simple bind-address function.
Not doing so will not only prevent network access to the database but is also an inherently insecure setting.