Who's talking about unsecured connections? I'm sure there would be a username/pw combination required to access the database, if the proper ports were open on their firewall.
Now, it's not a security risk unless a. there is a security hole in MySQL, or b. Someone sniff's your password because the connection to the server is not encrypted. a. could probably be solved by running mysql as a non-root user, and having proper backups. The hacker might be able to wipe out all the databases, but he wouldn't be able to own the box, and with good backups you would only lose a day of data at the most. b. could be solved by encrypting the connection somehow (either if MySQL supports encrypted connections, or through some kind of secure tunnel). And even if the hacker gets in with your credentials, all he can do is mess up your database, not everyone else's. -----Original Message----- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 15, 2005 9:32 PM To: CF-Talk Subject: RE: DB connection question > Is this *that* much of a security risk? If by "that" you mean allowing unsecured connections to your database from any public IP address, yes, yes, it's about as much of a security risk as you can possibly have. Unless Dr. Evil runs your ISP, anyway, but even then public access to your databases is almost as dangerous as sharks with frickin' laser beams. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:224290 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
