Is it difficult to secure a MySQL database?

Hi guys,

My small office (11 employees) has a small 30 MB MySQL database. We need quick and regular access to it, so ideally we'd like to keep it on our LAN server. However, an application on our website hosted outside of the office needs access to it too, but does not require speed or regularity of access.

I realize hosting a full HTTP web server requires a ton of maintenance and security. Does hosting just an SQL database require the same amount?

So, I guess my question is: Is it difficult to secure an SQL server and keep it secure?

Thanks for any advice!!!
 
I wouldn't say so. Just grant each user only the access they require, such as SELECT, INSERT, etc. If you want to go even farther, only allow the user to connect from a specific host, instead of just using wildcards. Set your firewall to only allow connections to mysql from the outside IP that's required.
 
One thing I would suggest is to either enable SSL for MySQL or use stunnel or IPSec to secure communications over the net. TCP connections to MySQL are in clear text, and it would be advisable to encrypt them at least while they're traversing the net.
 
> I wouldn't say so. Just grant each user only the access they require, such as SELECT, INSERT, etc. If you want to go even farther, only allow the user to connect from a specific host, instead of just using wildcards. Set your firewall to only allow connections to mysql from the outside IP that's required.

He pretty much nailed it. Make sure you have the permissions set properly (only what's actually needed on a per-user basis), strong passwords, and limit what hosts can connect to it. The SSL is a good idea too for traffic going over the web that's sensitive.
 
Is the Web-based interaction going to be simply reading the data or making additions and modifications? Does the data presented have to be real-time accurate? If not, then you might consider replicating that portion of the data you want available as a push to the web server and then lock that database down.
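
The advice in the replies above (per-user privileges, a specific connecting host instead of a wildcard, SSL on the connection), written out as MySQL statements. This is an added example, not part of any poster's message; it assumes MySQL 5.7 or later syntax, and the database, table, account name, password and IP address are constructed placeholders.

```sql
-- Added example. Placeholders (not from the thread):
--   database officedb, table orders, account webapp,
--   website host 203.0.113.10 (documentation address range)

-- Weak pattern the replies warn against: any host, every privilege, no TLS.
-- CREATE USER 'webapp'@'%' IDENTIFIED BY '...';
-- GRANT ALL PRIVILEGES ON *.* TO 'webapp'@'%';

-- Hardened: the account exists only for the website's address,
-- and the server refuses it unless the connection is encrypted.
CREATE USER 'webapp'@'203.0.113.10'
  IDENTIFIED BY 'replace-with-a-long-random-password'
  REQUIRE SSL;

-- Only the statements the web application actually issues,
-- and only on the table it needs.
GRANT SELECT, INSERT ON officedb.orders TO 'webapp'@'203.0.113.10';

-- Confirm exactly what the account can do.
SHOW GRANTS FOR 'webapp'@'203.0.113.10';

-- Audit existing accounts: wildcard hosts, or remote accounts
-- that are not required to use TLS.
SELECT User, Host, ssl_type
FROM mysql.user
WHERE INSTR(Host, '%') > 0
   OR (ssl_type = '' AND Host NOT IN ('localhost', '127.0.0.1', '::1'));
```

The host part of the account name is enforced by MySQL itself; the firewall rule mentioned in the first reply is a separate layer and still needs to be set on the office gateway.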
 