I never use 3306 over the public Internet. My usual practice is to open a reverse SSH tunnel and do my MySQL queries through that.

At one station, I couldn't use such a tunnel due to peculiar circumstances, so I configured MySQL to use a high-numbered port instead, and opened it only to the IP address of the machine that needed to use it. That's not as safe as the reverse SSH tunnel, because the traffic is still unencrypted, and a malicious actor could figure out what's going on and access the port by spoofing the address of the other machine.


Rob

--
I am where the lads are clever,
I am where the posters say "Forward",
Where new workers' songs
Are sung by the working country.

On Tue, 27 Nov 2018, David Klann wrote:

Hello Peter,

On 11/27/18 2:50 AM, Peter Claes wrote:
Hi guys,

I am trying several ways to get remote access to our system (with audio
store)
I had some success with running NFS over IPSEC, but it takes many manual
steps for connecting and syncing local and remote audio stores.
Which also means many things could go wrong there.

I am now considering opening port 3306 and running owncloud on /var/snd


I strongly urge you to reconsider opening TCP port 3306 to the Internet
(assuming that is what you mean). If you are going to do this, please
consider applying an IP "whitelist" (aka access list) to your firewall,
allowing only specific IP addresses to access that port.

I also recommend Nextcloud as an alternative to Owncloud. I have been
running a Nextcloud instance (though not on a Rivendell-related server)
for several years and it works quite well.

Anyone with experience on this matter? Anything to watch for?
Will have to install owncloud on a running production machine.


Hope this helps!

 ~David Klann

_______________________________________________
Rivendell-dev mailing list
Rivendell-dev@lists.rivendellaudio.org
http://caspian.paravelsystems.com/mailman/listinfo/rivendell-dev
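
An added example, not part of the thread: a Python check for the allow-list advice above, scanning `iptables-save` style rules for ACCEPT rules that leave the MySQL port reachable from any source address. The sample rules, the addresses and the function names are constructed for illustration.

```python
import shlex

# Constructed iptables-save style sample (not from the thread). 203.0.113.10 is
# a documentation address standing in for the one client allowed to reach MySQL.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3000:4000 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p tcp -m multiport --dports 22,3306 -j ACCEPT
-A INPUT ! -s 198.51.100.7/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def port_matches(spec, port):
    """True if a port spec such as '3306', '3000:4000' or '22,3306' covers port."""
    for part in spec.split(","):
        low, sep, high = part.partition(":")
        lo = int(low or 0)
        hi = int(high or 65535) if sep else lo
        if lo <= port <= hi:
            return True
    return False

def exposed_rules(rules_text, port=3306):
    """Return INPUT ACCEPT rules that let any source address reach `port`."""
    # Only rules with an explicit --dport/--dports are examined; blanket
    # ACCEPT rules and chain policies need a separate review.
    findings = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        negated = {t for i, t in enumerate(tok) if i and tok[i - 1] == "!"}
        spec = opts.get("--dport") or opts.get("--dports")
        if opts.get("-j") != "ACCEPT" or not spec or not port_matches(spec, port):
            continue
        src = opts.get("-s")
        if src is None or src.endswith("/0") or "-s" in negated:
            findings.append(line)
    return findings

if __name__ == "__main__":
    for rule in exposed_rules(SAMPLE_RULES):
        print("reachable from any address:", rule)
```

The same function works for a non-default port: pass the high-numbered port MySQL was moved to as `port`.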
