Results 1 to 9 of 9
-
10-12-2009, 10:29 AM #1New Member
- Join Date
- May 2009
- Posts
- 1
What is the security issue if I allow remote mysql ?
Hi,
What are the real security issues if I allow remote mysql server access for users ? How does it harm ?
Thanks for your valuable comments
Thanks
-
10-12-2009, 10:54 AM #2Junior Guru Wannabe
- Join Date
- Oct 2009
- Location
- UK - London
- Posts
- 73
Well, you'd have to open the port on your firewall for MySQL (if you don't already have it open) which makes it at risk of DoS/DDoS attack... unless you make it so that only one IP of the user that needs to access your MySQL remotely can pass through the firewall on that port. If the user is trustworthy and you are sure of what they are using it for, there wouldn't be a problem/security issue in allowing one specific IP through to it (unless that IP gets hacked).
-
10-12-2009, 11:15 AM #3Web Hosting Master
- Join Date
- Apr 2004
- Location
- Pacific Palisades, CA
- Posts
- 3,641
These users are who? Hosting customers with a mysql db and a local database admin tool on their pc?
█ Collabora Hosting - Unlimited Windows and Linux Hosting
█ Web Security - VPS - Dedicated Servers
█ Cloud and Managed WordPress Hosting
█ Read how we do Unlimited Hosting at the Unlimited FAQ
-
10-12-2009, 11:43 AM #4Web Hosting Master
- Join Date
- Oct 2004
- Location
- Kerala, India
- Posts
- 4,771
Opening the remote access to the server for the whole world using wildcard is not good. You can give remote access to specific IPs. This will make sure that only those specific IPs can access through mysql port.
David | www.cliffsupport.com
Affordable Server Management Solutions sales AT cliffsupport DOT com
CliffWebManager | Access WHM from iPhone and Android
-
10-12-2009, 03:06 PM #5Junior Guru Wannabe
- Join Date
- Oct 2009
- Location
- Lakewood, CO
- Posts
- 41
Just as everyone else has said, Just allow the specific IP's that you want to access it through your firewall. Opening it to the general public can cause some serious issues if people decide they want to mess with you (which will happen)
-
10-13-2009, 08:58 AM #6Support Facility
- Join Date
- Jun 2009
- Posts
- 2,335
You should try to secure your mysql password and check the permissions of the configuration files it should be 600. Also mysql comes with the different logs files you should keep track of client connections, queries and server errors.
-
10-13-2009, 09:08 AM #7Web Hosting Master
- Join Date
- Nov 2004
- Location
- India
- Posts
- 1,104
You can allow IP based MySQL connections to outside world but still you have problems if the client files have improper permissions or poor coding. An attacker can inject your whole server's index pages.
AssistanZ - Beyond Boundaries...
Cloudstack Consultancy / 24x7 Web Hosting Support / 24x7 Server Management / Infrastructure Management Services
Web & Mobile Apps Development / Web Designing Services / Php, Grails, Java Development
-
10-13-2009, 03:31 PM #8Junior Guru
- Join Date
- Jul 2009
- Posts
- 240
make sure openssl is enabled on your mysql build so remote connections are encypted
-
10-14-2009, 05:00 AM #9WHT Addict
- Join Date
- Apr 2009
- Posts
- 107
Similar Threads
-
Remote DNS issue
By yah0m in forum Hosting Security and TechnologyReplies: 3Last Post: 05-19-2009, 12:26 AM -
MySQL security issue: creating a query based on user input
By bleenzorb in forum Programming DiscussionReplies: 9Last Post: 04-11-2007, 02:44 PM -
php security issue
By p15650 in forum Hosting Security and TechnologyReplies: 5Last Post: 02-26-2007, 10:56 PM -
Is that a security issue?
By raulgonzalez in forum Programming DiscussionReplies: 4Last Post: 05-17-2005, 01:19 PM -
security issue-what could this be?
By deseek in forum Hosting Security and TechnologyReplies: 2Last Post: 05-03-2004, 01:48 AM