>Connecting from a client machine to the MySQL server requires the network
>port 3306 be open on the ISP's server and firewall, to permit the
>connection. (3306 is the default server port for MySQL, but it can be
>configured to a different port.) As far as I know, this is the case
>regardless of whether one uses a mysql command-line client, or the MyODBC
>driver, or other clients.

And that's not ALL that is required. MySQL does not by default
permit network access to the database. The ISP needs to GRANT you
permission to use the database from the IP you are connecting from
in MySQL itself. It is possible to grant access from anywhere, but
this opens up a number of security issues. It also requires more
administrative work from the ISP. Typically, they grant access
from the host that your web site is on, and that's all.

Also, they have to allow access for port 3306 through the firewall
for any IP that *any* customer is allowed to use (assuming a shared
database).

>Often ISP's are reluctant to enable ports such as this one, even if it's a
>relatively well-known service. It's one more protocol and service that they
>now have to be experts in, to watch for security risks. Their users might
>inadvertently create security holes.

This is especially an issue if the ISP's customers are using their
web sites to conduct E-commerce, and the databases contain stuff
like credit card numbers. The ISP may end up involved for providing
inadequate security if there's a major breach.

Gordon L. Burditt