iptables and mysql...

Crucificator crucificator at home.ro
Tue Jul 6 06:48:36 UTC 2004


Jason Dixon wrote:

> On Jul 5, 2004, at 1:43 PM, Crucificator wrote:
>
>> Jason Dixon wrote:
>>
>>> On Jul 2, 2004, at 9:34 AM, bruce wrote:
>>>
>>>> i'm investigating what needs to be done to allow mysql on a server to be
>>>> used remotely by client machines. each machine is running iptables. so i'm
>>>> wondering what has to be in the iptables for the machine being used as the
>>>> mysql server, as well as the client machines that will be communicating with
>>>> the mysql box...
>>>
>>> If you're concerned with data sniffing in transit, you might also 
>>> consider one of the following:
>>>
>>> - tunnelling your client connections through SSH
>>> - MySQL-4.x supports SSL connections with x.509 certificates
>>
>> mostly when you put up a mysql server you need it for building 
>> dynamic pages with php let's say. So when you do such a thing you only 
>> need to allow connections from localhost because the connection is made 
>> from server-side. If this doesn't apply to you then you should check 
>> out stunnel.
>
>
> I suggest you reserve your comments for threads where you have 
> sufficient experience.  Most DBAs are probably giggling at your 
> comment.  Real web applications routinely (more often than not) 
> segregate their data store on separate (redundant) servers.  Using SSL 
> connections in addition to x.509 certs provides not only encryption, 
> but authentication as well.
>
> -- 
> Jason Dixon, RHCE
> DixonGroup Consulting
> http://www.dixongroup.net
>
Dear Jason, most NA are probably giggling at your comment. I currently 
administer such a server which serves tunneled dynamic HTTP for SQL for 
42 locations country-wide. We DO NOT have redundant servers. Have you 
heard of RAID solutions? And it saves bandwidth, time and money as well. 
I believe the lack of experience lies elsewhere...
