cPanel & WHM Version 94 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

Disable Remote MySQL in cPanel

benny@cpanel.net shared this idea 4 years ago
Open Discussion

As a server administrator I would like to be able to disable Remote MySQL in cPanel through the feature manager, allowing me to control whether or not a user can potentially set up Remote MySQL.


Use-case: if I follow the recommendation of binding MySQL to the local IP address, then my customers are confused by the existance of the Remote MySQL icon in cPanel.

Comments (4)

photo
4

In paper_lantern, you can hide the icon with a file /usr/local/cpanel/base/frontend/paper_lantern/dynamicui/dynamicui_hide_icon.conf. It will not be removed after update.


file=>remote_mysql,skipobj=>1

photo
1

Found;


/usr/local/cpanel/base/frontend/paper_lantern/dynamicui.conf

https://documentation.cpanel.net/display/SDK/Guide+to+cPanel+Plugins+-+The+dynamicui+Files

As reference.

photo
photo
1

This is important if following the security advisor warning to make my.cnf bind-address setting local only. (Ref: internal CPANEL-6125)


Otherwise my.cnf prevents remote hosts from being allowed but cPanel deceives users into thinking they are allowed.

photo
1

This might also be a good example of where individual feature list items should be included on a per-user basis instead of a per-package basis.


For example, in this scenario, if Remote MySQL is made into a feature list item. Then if someone wants/needs Remote MySQL in their cPanel, the owner of the account would have to create a new feature list with Remote MySQL enabled, then create a new package using this new feature list, and then upgrade/downgrade the account to this new package.


If the owner of the account could simply enable Remote MySQL for that user, that might be preferable.


I didn't mean to take this feature request off-topic, I just thought it was a prime example of where a per-user feature enabler would be ideal.

photo
1

I don't think it's off-topic at all! Discussion of implementation is a perfectly on-topic thing to have here. :)

photo
photo
4

Hey all! We're investigating potentially adding this feature and wanted to ask: What are the use-cases in which you would want to disable this in the cPanel UI? Looking through the comments I see two, from a hosting provider point of view:

  • Prevent confusion, so users don't try to configure remote access to my local database server if I have bound MySQL to a local IP address (thereby preventing external/remote access)
  • Increase security so that my users are not able to allow remote connections without contacting me, and allowing me to vet the incoming traffic.

Are there any other reasons that this would come up?

photo
6

For me it's just this - Increase security so that my users are not able to allow remote connections without contacting me, and allowing me to vet the incoming traffic.

photo
7

Our edge firewall in/out doesn't allow port 3306, We have to manually accept the IP, this causes confusion with our clients when they try to connect to an external SQL. I'd like an option to disable it per package.

photo
5

@Meto2 and @JonTheWong +1

photo
1

I'll add one more - which supports the other two.


* Reduce the number of applications the system maintains. I think that we should be able to disable the features and applications from use so that I don't have to monitor the vulnerability db for more packages than we necessary. This falls into the category, "turn off all services you are not using" that exists in every security handbook.

photo
2

I think there should be an option in the WHM to disable remote MySQL in the MySQL section. This would block remote MySQL access in the server configuration and remove the icon to it in cPanel. It's very confusing now when customers see the option and it's not available.

photo
2

Generally every icon / feature should be available to be disabled or enabled in features. For example i may offer remote Mysql access only for some packages. But now i can not do it and even smallest packages can use it, which creates additional load when people use it for game servers.

photo
1

@Michal - I agree 100% that we need the ability to enable / disable which features are accessible to users in cPanel. I know this feature request thread is aimed at just the Remote mySQL feature, but there are several others that we'd like to be able to control, some of which just cause confusion and more support tickets from users. One example is the "Mail Client Automatic Configuration Scripts" feature, which seems to generate a lot of support requests from users with iPads / iPhones saying that they used it and followed the instructions, but it's not working correctly and they're getting blocked in server firewall for invalid/incorrect mail client settings. I'd rather just send each customer a link to instructions and help them get it right the first time. Similarly in the Email Accounts > Connect Devices feature, the "Mail Client Manual Settings" , although it provides correct information, the way that it's presented tends to cause users to use IMAP just because it's the first thing they see listed, and then within a month they're asking why their Inbox Quota is "full" because they don't understand that IMAP leaves all Inbox / Sent messages on the server forever (especially problematic for small shared hosting accounts with limited disk / limited iNodes). In my particular environment I want to encourage the use of POP3 / manual setups instead so that their devices can be set to remove messages from the server. Another issue is the Domains > Create a Domain feature - many users do not understand the difference between that and Addon Domain, and so they end up using the Domains > Create a Domain feature and unwittingly leave a check next to "Share document root" which in-turn creates the unwanted result of what they thought would be it's own separate site, instead sharing the public_html of their main site, and then they end up trying to operate two different sites from within the same folder (you can imagine the fun that creates when they intended to have two completely different / separate WordPress sites, for example). I wish we could remove that feature so that the user will utilize the actual Addon Domains function so that there's no conflicts or repairs necessary, and the actual Addon Domain is set up properly the first time without us having to go through and remove / re-do the work the proper way for them. Sorry for the long post mentioning other features, but while cPanel adds features in an attempt to improve / make things easier for the user, in some cases such features do just the opposite and create more problems / confusion / support tickets.

If we could be given more fine-grained control over the features (and perhaps also customize the default instructions that cPanel provides) , we could cut down on support tickets, problems, and save time / provide a better overall experience for our customers. Not every host does everything the same way, and so giving us more control over the features and what is visible to the user would benefit everyone involved.

photo
1

i also would like this to be removable we don't allow this by default because of security but as the icon still shows we get customers that are trying to enable it unsuccessfully and this creates annoyed customers and tickets.

photo
1

/usr/local/cpanel/base/frontend/paper_lantern/dynamicui/dynamicui_hide_icon.conf (initial solution offered 5 years ago) no longer exists. Is there another workaround to remove the remote_mysql icon from Cpanel's 'sql' group of icons?

photo
1

@Norman Grieve, you need to create the file and add:

file=>remote_mysql,skipobj=>1

inside.

photo
Leave a Comment
 
Attach a file