I have a server that will be on the public internet. I'm afraid there is the possibility of it being compromised so I have locked it down the best I can. However it must also connect to a DB. The DB is behind a firewall and only accepts connections from the IP of the small handful of servers that need to connect to it.
I'm still feeling a little paranoid and I'm wondering if there is any way to do a certificate based login (MySQL or PostGres are options here). Similar to how I use private certs instead of username password combos. This way if my public box is compromised I can just revoke the cert. Any experiences with this sort of thing? Thanks in advance! /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
