Results 1 to 4 of 4

Thread: MySQL Security

  1. #1
    Join Date
    Jan 2001
    Posts
    79

    Question

    We are currently running two servers. One of the servers is solely dedicated to the mysql database. My question is would it be a good idea to have the mysql port on a different one than the standard 3306 just so that hackers would have a hard tie finding it.

    I know that they can always scan the ports but we will block out all port access from the outside world using portsentry but was just wondering if that extra added level of security would be achieved by running on a different port number.

    Thanks for all the help.

  2. #2
    Join Date
    Oct 2000
    Posts
    337
    Changing port numbers for servers is kind of like parking your car behind the house instead of in the garage. It makes it a little harder to find, but if someone wants to steal it, they're going to find it.

    If you're concerned about security, it's far better to run MySQL on the local server, and communicate to it through a socket. Then you can turn off the TCP port entirely.


  3. #3
    Join Date
    Jan 2001
    Posts
    79
    Why is it better to run on a local server? I would assume that a dedicated machine would be best?

    If I run it on a local machine and turn off tcp port completely, what would be the purpose, we would not be able to run a web server?

    Any more ideas for tight security on two machines?

  4. #4
    Join Date
    Oct 2000
    Posts
    337
    I'm talking about turning off TCP access for the database server process, not the web server.

    If you run the database server on the local machine, your application can talk to it through a UNIX socket. Then, there's no need to have the database server run on a TCP port that's accessible to the outside world.

    Of course, if the server gets busy enough, the database server will probably need to be moved to a separate machine.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •