Re: [Hampshire] Suggestions for MySQL connectivity

Top Page
This message is part of the following thread:
M+\the complete thread tree sorted by date
MMMAndy Smith at <-
M 

Reply to this message
Author: Roger Munford
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Suggestions for MySQL connectivity
Thanks for everybody's helpful advice. After the initial panic that it
would not be possible to get a direct connection, it was, in fact quite
straightforward and a host was found for me. For the record, tsohosts do
it, they are good value and were very helpful.
I copied that database, reconfigured everything that needed it and,
hopefully, everything is as it was before.

The new host does offer SSH access but I am not obliged to use it. I
hope I am not being complacent because the data on the site is only a
list of names (used to greet the customer) plus hashed usernames and
passwords.

Thanks again,

Roger

On 22/01/13 22:26, Tim Brocklehurst wrote:
>> Clearly we have to go somewhere else. Can anybody recommend a hosting
>> company that will provide a direct connection to MySQL?
>>
>> The "support" told me that it was a wicked thing to do a huge security
>> risk. Not having been involved in software for several years, I am
>> willing to believe that it could have become a problem, but is it such a
>> risk that nobody will offer direct connections. If so what are the the
>> mechanisms that are unsafe? Also what alternative techniques are
>> available to transfer data between databases.
> Roger,
>
> Providing a direct connection to MySQL (or any database server) is probably
> not a good idea [1]. Put simply, while MySQL has some security features, I
> wouldn't rely on them over the internet. This drove me to hosting a similar
> setup internally at a company I was working for some years back.
>
> You could consider an SSH tunnel, or a VPN tunnel into the remote server, and
> then access the database through that. There are loads of examples of these,
> just google. The tunnel itself secures any data that is transmitted through
> it, so the other end just looks like a continuation of your LAN. However, if
> you do this you need to ensure that passwords and/or keys are kept safe, and
> are suitably strong.
>
> Alternatively, there is nothing to stop you hosting it internal to the
> company, as long as they have a sufficiently reliable (and fast enough)
> broadband provider. However, this has both pros and cons.
>
> Hope this helps,
>
> Tim B.
>
> [1] http://dev.mysql.com/doc/refman/5.0/en/security-against-attack.html


--
Please post to: Hampshire@???
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--------------------------------------------------------------

This message was posted to the following mailing lists:
Hampshire LUG
Mailing List Info | Nearby Messages		<-Re: [Hampshire] Promoting LUG meets via social networkingRe: [Hampshire] Promoting LUG meets via social networking->
Hampshire LUG Mailing List Archive administrated by WebmasterLurker (version 2.3)