Re: [Hampshire] Suggestions for MySQL connectivity

Top Page

Reply to this message
Author: Tim Brocklehurst
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Suggestions for MySQL connectivity

> Clearly we have to go somewhere else. Can anybody recommend a hosting
> company that will provide a direct connection to MySQL?
>
> The "support" told me that it was a wicked thing to do a huge security
> risk. Not having been involved in software for several years, I am
> willing to believe that it could have become a problem, but is it such a
> risk that nobody will offer direct connections. If so what are the the
> mechanisms that are unsafe? Also what alternative techniques are
> available to transfer data between databases.


Roger,

Providing a direct connection to MySQL (or any database server) is probably
not a good idea [1]. Put simply, while MySQL has some security features, I
wouldn't rely on them over the internet. This drove me to hosting a similar
setup internally at a company I was working for some years back.

You could consider an SSH tunnel, or a VPN tunnel into the remote server, and
then access the database through that. There are loads of examples of these,
just google. The tunnel itself secures any data that is transmitted through
it, so the other end just looks like a continuation of your LAN. However, if
you do this you need to ensure that passwords and/or keys are kept safe, and
are suitably strong.

Alternatively, there is nothing to stop you hosting it internal to the
company, as long as they have a sufficiently reliable (and fast enough)
broadband provider. However, this has both pros and cons.

Hope this helps,

Tim B.

[1] http://dev.mysql.com/doc/refman/5.0/en/security-against-attack.html
--
Hampshire Linux User Group Chairman

--
Please post to: Hampshire@???
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--------------------------------------------------------------