|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
08-25-2003, 01:28 PM
|
#1 |
|
Confirmed User
Join Date: Jul 2001
Posts: 6,964
|
server security?
This would be on a freebds server.
Whats the best way to protect customer lists, in mysql databases? I was thinking about running a hardware firewall with a Intruder Detection System proably snort. |
|
|
|
08-25-2003, 01:58 PM
|
#2 |
|
Registered User
Join Date: Jul 2003
Location: Miami Beach, FL
Posts: 38
|
When you are deailing with MySQL databases, running a firewall is a great first step but you also need to know about setting up MySQL to properly deny connections from the "outside". In many cases if you are running MySQL on the same server as your website you can do this by only allowing connections to the database server from "localhost" but obviously this won't work in all situations. I can't even begin to count the number of times I've been able to yank a database from a remote MySQL server by running the mysqldump utility on my machine to dump the contents out to a text file on my machine. Obviously you need to know the db username/password to do this but lots of times I see people that set these to be the same combination or just leave "root" with an empty password. Obviously not good...
|
|
|
|
|
08-25-2003, 02:41 PM
|
#3 |
|
Confirmed User
Join Date: Jul 2001
Posts: 6,964
|
so it would be best to have the databases on a different server from the site itself?
|
|
|
|
|
09-15-2003, 09:29 AM
|
#4 |
|
Registered User
Join Date: Jul 2003
Location: Miami Beach, FL
Posts: 38
|
No, not necessarily. If you keep the db on the same machine as apache you can limit db connections to "localhost" with the correct username/password and anybody not connecting from localhost (ie. not the apache on the same server as the db) won't be able to connect to your database. If you do run your db on a separate server just limit it to that server's name. For example:
Apache runs on server1.domain.com and the db is on server2.domain.com - on server2 just set up MySQL to only allow connections form server1.domain.com and deny everyone else. It all depends on if your web server can handle the amount of hits it gets plus all the db usage. On a large site with a huge database that takes a lot of queries (especially ones that actually write back to the database) it's almost impossible to run them on the same machine without significant slow-down. If you need any help with it, hit me up on ICQ... |
|
|
|
