iptables and mysql...

Jason Dixon jason at dixongroup.net
Mon Jul 5 17:41:24 UTC 2004


On Jul 5, 2004, at 1:43 PM, Crucificator wrote:

> Jason Dixon wrote:
>
>> On Jul 2, 2004, at 9:34 AM, bruce wrote:
>>
>>> i'm investigating what needs to be done to allow mysql on a server to be
>>> used remotely by client machines. each machine is running iptables. so i'm
>>> wondering what has to be in the iptables for the machine being used as the
>>> mysql server, as well as the client machines that will be communicating with
>>> the mysql box...
>>
>>
>> If you're concerned with data sniffing in transit, you might also 
>> consider one of the following:
>>
>> - tunnelling your client connections through SSH
>> - MySQL-4.x supports SSL connections with x.509 certificates

> Mostly when you put up a mysql server you need it for building dynamic 
> pages with php, let's say. So when you do such a thing you only need to 
> allow connections from localhost because the connection is made from 
> server-side. If this doesn't apply to you then you should check out 
> stunnel.

I suggest you reserve your comments for threads where you have 
sufficient experience.  Most DBAs are probably giggling at your 
comment.  Real web applications routinely (more often than not) 
segregate their data store on separate (redundant) servers.  Using SSL 
connections in addition to x.509 certs provides not only encryption, 
but authentication as well.

--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
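
For the iptables question that opens the thread, an added example that is not part of the original messages: a dry-run generator that prints the rules for the MySQL server and for a client, so they can be reviewed before being run as root. It assumes MySQL's default port 3306 and rules appended to otherwise restrictive chains; the function names are hypothetical and the addresses are constructed (documentation range).

```shell
#!/bin/sh
# Dry-run generator: prints iptables commands instead of running them,
# so the rule set can be reviewed before it is piped to a root shell.
# Addresses used below are constructed (RFC 5737 documentation range).
MYSQL_PORT=3306   # assumption: MySQL listens on its default TCP port

# Shape check only: dotted-quad IPv4 with an optional /prefix. Anything
# else (hostnames, shell metacharacters) is refused before it reaches a rule.
valid_addr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Server side: admit new connections to the MySQL port only from the
# listed clients, allow replies, and drop every other attempt on that port.
server_rules() {
    for c in "$@"; do
        valid_addr "$c" || { echo "bad client address: $c" >&2; return 1; }
    done
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for c in "$@"; do
        echo "iptables -A INPUT -p tcp -s $c --dport $MYSQL_PORT -m state --state NEW -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $MYSQL_PORT -j DROP"
}

# Client side (only needed when the client filters outbound traffic):
# allow the connection to the server and the replies coming back from it.
client_rules() {
    valid_addr "$1" || { echo "bad server address: $1" >&2; return 1; }
    echo "iptables -A OUTPUT -p tcp -d $1 --dport $MYSQL_PORT -m state --state NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -A INPUT -p tcp -s $1 --sport $MYSQL_PORT -m state --state ESTABLISHED -j ACCEPT"
}

echo "# on the MySQL server"
server_rules 192.0.2.10 192.0.2.11
echo "# on client 192.0.2.10, talking to server 192.0.2.5"
client_rules 192.0.2.5
```

These rules only limit who can reach the port; the traffic itself is still cleartext unless it is carried over SSH or SSL as suggested in the thread.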





