iptables and mysql...
Crucificator
crucificator at home.ro
Tue Jul 6 06:48:36 UTC 2004
Jason Dixon wrote:
> On Jul 5, 2004, at 1:43 PM, Crucificator wrote:
>
>> Jason Dixon wrote:
>>
>>> On Jul 2, 2004, at 9:34 AM, bruce wrote:
>>>
>>>> i'm investigating what needs to be done to allow mysql on a server to be
>>>> used remotely by client machines. each machine is running iptables. so i'm
>>>> wondering what has to be in the iptables for the machine being used as the
>>>> mysql server, as well as the client machines that will be communicating with
>>>> the mysql box...
>>>
>>> If you're concerned with data sniffing in transit, you might also
>>> consider one of the following:
>>>
>>> - tunnelling your client connections through SSH
>>> - MySQL-4.x supports SSL connections with x.509 certificates
>>
>
>> mostly when you put up a mysql server you need it for building
>> dynamic pages with php let's say. So when you do such thing you only
>> need to allow connections from localhost because connection is made
>> from server-side. If this doesn't apply to you then you should check
>> out stunnel.
>
>
> I suggest you reserve your comments for threads where you have
> sufficient experience. Most DBA's are probably giggling at your
> comment. Real web applications routinely (more often than not)
> segregate their data store on separate (redundant) servers. Using SSL
> connections in addition to x.509 certs provides not only encryption,
> but authentication as well.
>
> --
> Jason Dixon, RHCE
> DixonGroup Consulting
> http://www.dixongroup.net
>
>
>
Dear Jason, most NA are probably giggling at your comment. I currently
administer such a server which serves tunneled dynamic HTTP for SQL for
42 locations country-wide. We DO NOT have redundant servers. Have you
heard of RAID solutions? And it saves bandwidth, time and money as well.
I believe the lack of experience lies elsewhere...
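
The server-side filtering asked about in the quoted question, as an added example that is not part of the original thread: a script that prints iptables rules admitting MySQL traffic only from named client addresses and dropping everything else aimed at that port. It assumes MySQL's default port 3306 and an OUTPUT policy that lets replies out; the function names are hypothetical and the client addresses are constructed documentation-range values.

```shell
#!/bin/sh
# Added example: rules are printed, not applied, so they can be reviewed
# first. Pipe the output to `sh` as root to load them.

MYSQL_PORT=3306   # MySQL's default listening port

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
# Rejecting anything else keeps stray shell text out of the generated rules.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the INPUT rules for the MySQL server: loopback and the listed clients
# may reach the port, every other source is dropped.
mysql_server_rules() {
    for client in "$@"; do
        valid_ipv4 "$client" || {
            echo "invalid client address: $client" >&2
            return 1
        }
    done
    echo "iptables -A INPUT -i lo -p tcp --dport $MYSQL_PORT -j ACCEPT"
    for client in "$@"; do
        echo "iptables -A INPUT -p tcp -s $client --dport $MYSQL_PORT -m state --state NEW,ESTABLISHED -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $MYSQL_PORT -j DROP"
}

# Constructed sample: one web host and one office subnet.
mysql_server_rules 192.0.2.10 198.51.100.0/24
```

Packet filtering only limits who can connect; it does not protect the data in transit, which is what the SSH tunnel, SSL and stunnel options mentioned in the thread address.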