Your external router, the one directly connected to the internet, should not allow any connections to or from the MySQL box from the "outside". Your PHP/Apache box would be in a DMZ zone, basically sitting between two routers/firewalls (between a rock and a hard place?). Your internal router/firewall would only allow connections from the PHP/Apache box to the MySQL box on the appropriate ports. That's the basics on setting up your network to restrict access to your machines. You should then also configure your machines to restrict access to themselves. So PHP can only talk to the MySQL machine and MySQL can only talk to the PHP machine on the appropriate ports.
With this setup, even if someone from the outside knew the proper name and password for MySQL, they wouldn't be able to connect because the routers, firewalls, OS and MySQL wouldn't allow it. In theory, someone would have to be on the inside in order to sniff the unencrypted connection and connect to one of your machines. Or they would need to compromise one of your machines (router, firewall, pc, etc.).
These are some basic steps you should take whether or not you have an encrypted connection. Close all doors and make each path a one-way street if possible. No system is secure; it's just sufficiently difficult to crack to make it not worthwhile.
On Apr 27, 2005, at 3:43 AM, Nikola Skoric wrote:
Hello,
I'm wondering whether there is a way to hack into my database if I'm connecting with PHP
from remote web server to my MySQL server with unencrypted connection? I'm using phpBB
forums (residing on one server and using the database on other server) which do not support
SSH connections, so I'd like to know if I'm opening a security hole in my system this way?
--
Brent Baisley
Systems Architect
Landover Associates, Inc.
Search & Advisory Services for Advanced Technology Environments
p: 212.759.6400/800.759.0577
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
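
Added example, not part of the original message: one way to check the "MySQL can only talk to the PHP machine" layer from the reply above is to audit the Host column of mysql.user for accounts that admit clients other than the web server. The addresses, account names and sample rows are constructed for illustration.

```python
import ipaddress
import re

# Constructed addresses (assumptions, not from the original message).
WEB_HOST = "10.0.1.10"                               # PHP/Apache box in the DMZ
PROBES = ["10.0.1.10", "10.0.1.77", "203.0.113.5"]   # web box, DMZ neighbour, outside

def host_allows(pattern: str, addr: str) -> bool:
    """True if a mysql.user Host value would match a client at IP `addr`.
    Hostname patterns are not resolved here, so they never match an IP."""
    if "/" in pattern:                    # ip/netmask form (CIDR is parsed too)
        try:
            net = ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
        return ipaddress.ip_address(addr) in net
    # In Host values '%' matches any run of characters, '_' exactly one.
    rx = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, addr) is not None

def audit(rows, web_host=WEB_HOST, probes=PROBES):
    """Return (user, host, [unexpected addresses]) for every account that
    admits a probe address other than the web server."""
    findings = []
    for user, host in rows:
        if host in ("localhost", "127.0.0.1", "::1"):
            continue                      # local-only account, not reachable remotely
        extra = [p for p in probes if p != web_host and host_allows(host, p)]
        if extra:
            findings.append((user, host, extra))
    return findings

# Constructed output of: SELECT User, Host FROM mysql.user;
SAMPLE = [
    ("phpbb", "10.0.1.10"),                  # scoped to the web server only
    ("phpbb", "%"),                          # any client address
    ("backup", "10.0.1.%"),                  # whole DMZ subnet via wildcard
    ("report", "10.0.1.0/255.255.255.0"),    # whole DMZ subnet via netmask
    ("root", "localhost"),
]

if __name__ == "__main__":
    for user, host, extra in audit(SAMPLE):
        print(f"{user}@{host} also admits: {', '.join(extra)}")
```

Accounts it reports are ones where a firewall mistake alone would expose the database, because MySQL itself would still accept the client.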