> Who's talking about unsecured connections? I'm sure there would > be a username/pw combination required to access the database, if > the proper ports were open on their firewall.
That by itself is not especially secure, if brute-force attacks can be used, or if the traffic can be monitored by third parties. > Now, it's not a security risk unless > > a. there is a security hole in MySQL, or > b. Someone sniff's your password because the connection to > the server is not encrypted. > > a. could probably be solved by running mysql as a non-root > user, and having proper backups. The hacker might be able > to wipe out all the databases, but he wouldn't be able to > own the box, and with good backups you would only lose a > day of data at the most. > b. could be solved by encrypting the connection somehow > (either if MySQL supports encrypted connections, or through > some kind of secure tunnel). And even if the hacker gets in > with your credentials, all he can do is mess up your database, > not everyone else's. All of what you said assumes that the goal of an intruder is simply to "mess up" things. If that's all you're worried about, then sure, no problem. Most serious intrusions aren't about messing things up, but about getting to your data - your data is typically what's valuable. Simply being able to read the data is often the goal of an intrusion. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:224325 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
