When developing in Rails, the canonical thing to do is to have a root MySQL account with no password. While this makes the Rails configuration automagic, it leaves things somewhat open because MySQL accepts TCP/IP connections by default. Note that this is separate from the webserver hosting the Rails application on localhost. It turns out that MySQL has a nice command line option --skip-networking, which will turn off all TCP/IP networking. Database connections from the local webserver will go through a Unix socket, so they will continue to work and that’s all you need for development.
I installed MySQL using the MySQL AB official binary distribution. However, I have been starting and stopping MySQL using the conveniently supplied panel for Mac OS X System Preferences, thus preventing my from adding any command line arguments. After some fiddling, it turns out that the preference panel is just calling the shell script /usr/local/mysql/support-files/mysql.server. This file (or one of the scripts that it calls) will read ~/.my.cnf or /etc/my.cnf for MySQL configuration options. To make it work with the pref pane, I had to put the following options in /etc/my.cnf:
# MySQL options file
[mysqld]
# turn off all networking, for safety during development
skip-networking
After that, MySQL is no longer listening via TCP, as confirmed with CocoaMySQL’s Show Variables, and via netstat -a. I feel safer already. 
July 19, 2007 at 4:30 am |
[...] Securing MySQL for development accepts automagic canonical configuration connections default leaves mysql rails thingsaccepts, [...]