The small company I work for has a dedicated server. This server is an all-in-one unit for our business... websites, database, email, etc. A trusted company bought a division of our company and wants to know if we can open a port to the MySQL database. It has no open ports now, as we never needed it. All queries were done from the server itself via PHP. But, they want to be able to communicate with the MySQL database directly, and not through a webpage.
What is the security risk in this? All users and permissions are set up correctly. My only concern is that a port would have to be opened on our hardware firewall. There is sensitive data on our server, encrypted, but still sensitive.
My options are to open a port to MySQL and let them connect directly. Or I can tell them they'll have to get their own server if they want to do that. Or, they'll have to stick with using PHP to access the db.
Thank you, Swede
MySQL Port Security
If they have the rights blah blah, you can always set up an SSL tunnel... and let them talk into that...
http://dev.mysql.com/doc/mysql/en/secure-basics.html
Thanks... I was kind of leaning towards telling them to move their site/database to another server if they want to do that. This is on a Windows machine, so SSL isn't set up by default. That is an option though. I'm not too familiar with SSL for Windows, so that may be more trouble than it's worth. But, I appreciate the suggestion.
With MySQL 4.0.23, I've read that opening a port to it is of minimal risk. I thought there was also a way to limit connections to only certain IPs.
It sounds like most people wouldn't take the risk... that is probably the best solution. Thanks.
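On the question of limiting connections to certain IPs: the following is an added example, not part of the original thread, showing how a MySQL account can be bound to one source address, given read-only rights, and required to use SSL, plus a check for accounts that would become reachable once the port is open. The database name `appdb`, the account `partner_ro`, the address `203.0.113.10` and the password are placeholders, and `REQUIRE SSL` assumes the server was built and configured with SSL support.

```sql
-- Added example: placeholders throughout (appdb, partner_ro, 203.0.113.10).

-- 1. Before opening the port, list accounts that any remote host could try:
--    wildcard hosts, anonymous users, and accounts with an empty password.
SELECT Host, User, ssl_type
  FROM mysql.user
 WHERE INSTR(Host, '%') > 0
    OR User = ''
    OR Password = '';

-- 2. Create the partner account bound to a single source address.
--    MySQL matches on both user name and client host, so the same user name
--    connecting from any other address is refused at authentication.
--    SELECT only, on one database only; REQUIRE SSL rejects plaintext logins.
GRANT SELECT ON appdb.*
   TO 'partner_ro'@'203.0.113.10'
   IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD'
   REQUIRE SSL;

-- 3. Confirm exactly what the account can do.
SHOW GRANTS FOR 'partner_ro'@'203.0.113.10';

-- 4. When the access is no longer needed, remove the privileges
--    and then the account row itself.
REVOKE ALL PRIVILEGES ON appdb.* FROM 'partner_ro'@'203.0.113.10';
DELETE FROM mysql.user
 WHERE User = 'partner_ro' AND Host = '203.0.113.10';
FLUSH PRIVILEGES;
```

The host part of the account only controls who can authenticate; the hardware firewall rule for the MySQL port should still be limited to the same source address so that other hosts cannot reach the listener at all.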