cPanel & WHM Version 80 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!
 

Disable Remote MySQL in cPanel

benny@cpanel.net shared this idea 2 years ago
Open Discussion

As a server administrator I would like to be able to disable Remote MySQL in cPanel through the feature manager, allowing me to control whether or not a user can potentially set up Remote MySQL.


Use-case: if I follow the recommendation of binding MySQL to the local IP address, then my customers are confused by the existance of the Remote MySQL icon in cPanel.

Comments (9)

photo
1

In paper_lantern, you can hide the icon with a file /usr/local/cpanel/base/frontend/paper_lantern/dynamicui/dynamicui_hide_icon.conf. It will not be removed after update.


file=>remote_mysql,skipobj=>1

photo
1

Found;


/usr/local/cpanel/base/frontend/paper_lantern/dynamicui.conf

https://documentation.cpanel.net/display/SDK/Guide+to+cPanel+Plugins+-+The+dynamicui+Files

As reference.

photo
photo
1

This is important if following the security advisor warning to make my.cnf bind-address setting local only. (Ref: internal CPANEL-6125)


Otherwise my.cnf prevents remote hosts from being allowed but cPanel deceives users into thinking they are allowed.

photo
1

This might also be a good example of where individual feature list items should be included on a per-user basis instead of a per-package basis.


For example, in this scenario, if Remote MySQL is made into a feature list item. Then if someone wants/needs Remote MySQL in their cPanel, the owner of the account would have to create a new feature list with Remote MySQL enabled, then create a new package using this new feature list, and then upgrade/downgrade the account to this new package.


If the owner of the account could simply enable Remote MySQL for that user, that might be preferable.


I didn't mean to take this feature request off-topic, I just thought it was a prime example of where a per-user feature enabler would be ideal.

photo
1

I don't think it's off-topic at all! Discussion of implementation is a perfectly on-topic thing to have here. :)

photo
photo
2

Hey all! We're investigating potentially adding this feature and wanted to ask: What are the use-cases in which you would want to disable this in the cPanel UI? Looking through the comments I see two, from a hosting provider point of view:

  • Prevent confusion, so users don't try to configure remote access to my local database server if I have bound MySQL to a local IP address (thereby preventing external/remote access)
  • Increase security so that my users are not able to allow remote connections without contacting me, and allowing me to vet the incoming traffic.

Are there any other reasons that this would come up?

photo
5

For me it's just this - Increase security so that my users are not able to allow remote connections without contacting me, and allowing me to vet the incoming traffic.

photo
5

Our edge firewall in/out doesn't allow port 3306, We have to manually accept the IP, this causes confusion with our clients when they try to connect to an external SQL. I'd like an option to disable it per package.

photo
4

@Meto2 and @JonTheWong +1

photo