SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Enthusiast
    Join Date
    Mar 2007
    Location
    Northern Minnesota
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    server to server MySQL connections

    Hello,

    I'm considering setting up a server to connect to another server for a mysql insert and just wondering about security implications of doing this. It seems to me that the login credentials are sent in clear text. The servers are both on wired connections and so seems like the only opportunity for interception would be from a rogue employee at the ISP or remote server location... are these correct assumptions? Is there another recommended secure way to do this kind of thing?

    Thanks for any thoughts.

  2. #2
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,627
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    You probably want to look into MySql replication here not some sort of shared insert thing but that might be what you are thinking of.

    In terms of securing the connection a lot depends on network topograhy with your host. If you've got no control there I would presume it is being routed over the public internet and use SSL for the replication connection. See the mysql manual for some hints.

  3. #3
    SitePoint Enthusiast
    Join Date
    Mar 2007
    Location
    Northern Minnesota
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No, the other server is a node.js script collecting periodically sent GPS data from a few sources, parsing it into an INSERT query and relaying it directly into the remote MySql server. So nothing to replicate. I don't like doing this in clear text but also don't get excited about trying to do a secure node.js connection. Maybe I can lock it down in other ways - use stored procedures, only allow connections from the specified IP, set up a separate user with access to only one table etc.

  4. #4
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,627
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    I don't think doing a SSL connection requires more than proper mysql configuration. Another easy option would be to put a web service running over HTTPS in front of the other mysql DB which has loads of other advantages like using protocols designed to survive the public internet.

    All the means you mention do not help with folks sniffing credentials on the wire and if the port is open, well, the port is open.

  5. #5
    SitePoint Enthusiast
    Join Date
    Mar 2007
    Location
    Northern Minnesota
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The MySQL server is provided on a shared account at our webhost, so I don't have control of the mysql configuration and have only limited ways to connect. But I'm having trouble imagining what mischief could be caused by someone going through the effort of sniffing the packets to get the login credentials, spoofing their IP to look like that one, and logging in under the stolen credentials that only allow insert privileges on one table containing a few columns of numeric type. It just seems a low value target, little to be gained. It's not a mission critical part of our site either.

  6. #6
    Community Advisor silver trophy

    Join Date
    Nov 2006
    Location
    UK
    Posts
    2,551
    Mentioned
    40 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by davclark View Post
    The MySQL server is provided on a shared account at our webhost, so I don't have control of the mysql configuration and have only limited ways to connect.
    Most shared hosting will only allow a local mysql connection rather than a remote one.

  7. #7
    SitePoint Addict
    Join Date
    Apr 2009
    Posts
    357
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by EastCoast View Post
    Most shared hosting will only allow a local mysql connection rather than a remote one.
    Maybe most, but not all. I had shared hosting at a large (100K+ sites) hosting provider for years and they had no problem allowing remote mysql connections. I used mysql workbench (well, actually mysql query browser in pre-workbench days) from my workstation to administer my mysql db's.
    Doug G
    =====
    "If you ain't the lead dog, the view is always the same - Anon


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •