server security?
 

This would be on a freebds server.
Whats the best way to protect customer lists, in mysql databases? I was thinking about running a hardware firewall with a Intruder Detection System proably snort.

When you are deailing with MySQL databases, running a firewall is a great first step but you also need to know about setting up MySQL to properly deny connections from the "outside". In many cases if you are running MySQL on the same server as your website you can do this by only allowing connections to the database server from "localhost" but obviously this won't work in all situations. I can't even begin to count the number of times I've been able to yank a database from a remote MySQL server by running the mysqldump utility on my machine to dump the contents out to a text file on my machine. Obviously you need to know the db username/password to do this but lots of times I see people that set these to be the same combination or just leave "root" with an empty password. Obviously not good...

so it would be best to have the databases on a different server from the site itself?

No, not necessarily. If you keep the db on the same machine as apache you can limit db connections to "localhost" with the correct username/password and anybody not connecting from localhost (ie. not the apache on the same server as the db) won't be able to connect to your database. If you do run your db on a separate server just limit it to that server's name. For example:

Apache runs on server1.domain.com and the db is on server2.domain.com - on server2 just set up MySQL to only allow connections form server1.domain.com and deny everyone else.

It all depends on if your web server can handle the amount of hits it gets plus all the db usage. On a large site with a huge database that takes a lot of queries (especially ones that actually write back to the database) it's almost impossible to run them on the same machine without significant slow-down.

If you need any help with it, hit me up on ICQ...