I need to protect MySQL db hosted on my machines (I mention my machines - no IT or DB expert was configuring my OS, and DB server, so vunerabuilities could exist)
Win2003, Apache 1.x (don't remember, but sure its stable, and it is not 2.x), MySQL 4.0.18 (I think), Zend instalation of PHP 5
My ideas and Q's:
1) THIS IS MY MAIN PROBLEM> Php pages are distributed over several machines. I have several types of searches on my site - and each type of search is located on separate machine(php page queries mysql on localhost basis, no query besides localhost is allowed). Following that, I think of granting (all) priviledges only to user: %@LOCALHOST - usual root users and anything that is not from the localhost I will delete from the DB.
Will I in this way be protected, but also will I be able to edit/insert/delete data from the DB.
2) Any suggestions from you guy's and girls's
3) Are there any known attacks on MySQL.... solutions to them
4) Known ways of free-ing up my link of unneccesary bandwith - ex. graphics, styles... you name it, brainstorming rules
5) Any source of OS setup for security.
NOTE: I know I ask a lot here, and I have searched for my self, but more brains - more ideas, and I have a "little" time factor in my neck - my cable internet payment is comming soon, so I want to start my site.