Hi Bastien,
Please make sure to cc the galaxy-user and galaxy-dev lists as they help your questions reach a wider audience. In fact, I'm sure there are people on these lists that have more DB knowledge than myself.
That said, you're spot on in your thinking. Galaxy uses a single database (galaxy, in your case), so you can setup a "Galaxy" mysql user to have rights only on that DB; specifying localhost provides another layer of security as well.
Best, J.
On May 3, 2010, at 11:08 AM, Chevreux, Bastien wrote:
From: Jeremy Goecks [mailto:jgoecks@gmail.com] On Behalf Of Jeremy Goecks You can specify a MySQL username and password in the MySQL URL, e.g. mysql://username:password@localhost:3306/galaxy?unix_socket=/var/run/ mysqld/mysqld.sock
Hello Jeremy,
thank you very much for that, works like a charm.
Coming to my next question: how should I setup the user / user rights / databases / tables etc. in MySQL?
Yes, I could create a user and then do a
grant all privileges on *.* to someusr@localhost
and I think that that Galaxy will then create everything by itself. However, on the long term I feel that this might be ... um ... a security risk should MySQL also host other things than just a Galaxy DB.
Is there a recommended way to setup things? Like perhaps, e.g., having the mysql admin just create needed databases and giving all rights just to these DBs to galaxy like in:
create database somedb; grant all privileges on somedb.* to someusr@"localhost" identified by 'passwrd';
and then have Galaxy work with that? But for that I'd need to know which DBs Galaxy uses and I have to set up.
If not, I'll do the all privileges on *.*, but I don't really like that.
Regards, Bastien
PS: sorry for nagging, but I'd really like to have a basic security level PPS: if the above looks like straight from some manual, yes it is. I'm no MySQL expert, but a good Google search brings most of what I need to know.
-- DSM Nutritional Products AG R&D Human Nutrition & Health Bioinformatics - Bldg. 203 / 115 P.O. Box 2676 CH-4002 Basel / Switzerland Tel. +41 61 815 8264
DISCLAIMER : This e-mail is for the intended recipient only If you have received it by mistake please let us know by reply and then delete it from your system; access, disclosure, copying, distribution or reliance on any of it by anyone else is prohibited. If you as intended recipient have received this e-mail incorrectly, please notify the sender (via e-mail) immediately.
From: Jeremy Goecks [mailto:jgoecks@gmail.com] On Behalf Of Jeremy Goecks Please make sure to cc the galaxy-user and galaxy-dev lists as they help your questions reach a wider audience. In fact, I'm sure there are people on these lists that have more DB knowledge than myself.
Ooooops. Didn't even realise that. I'm too used to mailing lists using a "ReplyTo:".
That said, you're spot on in your thinking. Galaxy uses a single database (galaxy, in your case), so you can setup a "Galaxy" mysql user to have rights only on that DB; specifying localhost provides another layer of security as well.
Thanks, exactly the info I searched for. If a dev is reading this: may I suggest putting that kind of info (database connection with a user and setting up user/database ready-to-use for Galaxy) onto the Wiki page about running a production server? Databases and a system like Galaxy are intimidating enough for people not regularly working with them :-)
Best, Bastien
-- DSM Nutritional Products AG R&D Human Nutrition & Health Bioinformatics - Bldg. 203 / 115 P.O. Box 2676 CH-4002 Basel / Switzerland Tel. +41 61 815 8264
DISCLAIMER : This e-mail is for the intended recipient only If you have received it by mistake please let us know by reply and then delete it from your system; access, disclosure, copying, distribution or reliance on any of it by anyone else is prohibited. If you as intended recipient have received this e-mail incorrectly, please notify the sender (via e-mail) immediately.
galaxy-dev@lists.galaxyproject.org