This information about Computer Security is for advanced IT users. MySQL security setup is the responsibility of a practice or its IT, although we recommend contacting Open Dental Support for assistance implementing any changes.
MySQL is only as vulnerable as the local network security allows. It is not secure to expose the MySQL service to the internet (World Wide Web). Do not open the MySQL port (default is port 3306) on routers and do not allow incoming traffic for that port. The port can be opened as Firewall exception rule on servers but NOT on routers. In simple terms, this means do not open the database to the entire internet, even if it thought that the source IP address is verified: it is not sufficient as IP addresses can be spoofed.
MySQL user names and passwords are a secondary level of security. To access an Open Dental database, a MySQL user can require a password be used.
Small offices (users on small closed networks): It is up to the practice to decide whether or not to set MySQL passwords. We recommend that this is done. If someone has access to the data on the server then MySQL passwords do not provide additional protection. Therefore some users may choose to not set MySQL passwords.
Large enterprises should use MySQL users and passwords and create institutional safeguards against losing the password.
For new installations, the Trial Installer prompts for the creation of a MySQL username and password.
Enter the information as desired. If the password is left blank, users receive a warning and must confirm their choice to proceed without a password.
If using an older installation, or if a user clicked Do this later and would like to start using a MySQL password, see MySQL User Manager. For versions 19.3 and below, follow the steps below:
SELECT USER, HOST, PASSWORD FROM mysql.user;
SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('new_password');
SET PASSWORD FOR 'root'@'::1' = PASSWORD('new_password');
SET PASSWORD FOR 'root'@'%' = PASSWORD('new_password');
SET PASSWORD FOR ''@'localhost' = PASSWORD('new_password');
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('new_password');
After making password changes in MySQL, the Open Dental workstations no longer have access to the database.
The password entered into the MySQL Configuration window on each computer is stored as obfuscated text in the FreeDentalConfig.xml.
If the practice plans on hosting multiple customers on the same database server, see Host Multiple Databases from One Web Server for isolation information.
Practices may need to work from particular devices or IP address ranges for multi-tenant installations or if there are complex networks where some segments should not have access. Open Dental does not provide advice or direct support on setting up usernames for particular devices or network segments. For multi-tenant installations, consult an IT professional. For complex networks, consult an IT professional, or for even more security use the Middle Tier. Information about setting up usernames for specific devices or network segments is available at http://dev.mysql.com/doc/refman/5.5/en/account-names.html. Open Dental works fine as long as the specified MySQL user has the correct (full) permission set.
There are two MySQL users that may be specified: a regular user and a user with lower privileges.
When users connect from the client computers, they will never see or have access to the users that set up in this file. They will be connecting using an Open Dental username and password. See Choose Database for an example.
If workstations have trouble connecting, it may be a Firewall issue. If you can't get past the Choose Database window, then it's a firewall issue. You may need to create an exception to allow Port 3306. See Open Port 3306. If you've turned off all firewalls on the server and are still stuck at the Choose Database window, see Troubleshooting.
Users and password: If you change passwords and it no longer works, carefully retrace your steps to make sure the new user has all privileges and access to the Open Dental database. Be aware of the difference between user@% and user@localhost. Double check the privileges and try again.