Re: [Ejbca-develop] mysql-connector

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Sunday 06 June 2004 01:07 pm, Tomas Gustavsson wrote:
> Now I tried and I had a complete other phenomenon.
> I must grant ejbca@myhost not ejbca@localhost, because it looks like
> the mysql-driver connects from the outside to mysql.
>
> I had to do:
> grant all on *.* to ejbca@localhost identified by 'ejbca';
> to connect using the 'mysql' commend line tool.

Yes, this is correct behavior.

> And
> grant all on *.* to ejbca@dilruba identified by 'ejbca';
> to connect with JBoss.
>
> But then all worked fine.
> I'm using MySQL 4.0.18 and mysql.connector 3.0.14.

Except I think you're now routing your local traffic from your local=20
instance of ejbca to your local instance of mysql through the nic that=20
services dilruba.  Try netstat -na | grep -i listen | grep 8443 and see=20
what I mean.

So, for above scenario if you instead=20

mysql> grant all on ejbca.* to ej...@lo... identified by=20
'ejbca";
mysql> flush privileges;

Then drive netstat command above, you'll see it's using 127.0.0.1=20
instead, which does not route traffic through your NIC.

I think the latter is better way to go from security and performance=20
perspectves, but former may be a bit more convenient if one ever needs=20
to clone the db onto another machine.

--=20
Best regards,

Ken Gunderson
GPG Key-- 9F5179FD

"Freedom begins between the ears."      -- Edward Abbey