I have some mini apps hosted on one website, and the main app and database on another. I need to connect from the mini apps server to the main MySQL database and do some queries. My question is: how safe is this kind of connection? I could copy the tables I need from the main server to my mini apps server, but this would mean weekly or more frequent exports and imports, and I don't like this solution.
What do you suggest?
Are you using encryption (SSL) between the two? If not then it is open for sniffing and man-in-the-middle attacks.
I work as website admin for several of the websites I’ve built from scratch, so I’m very conscious of maintenance concerns. Like you I shudder at the added maintenance load of imports and exports between your two servers.
The real crux of the issue here is that a call to a MySQL DB on any server is a call to external resources. You should have some validation / sanitization security in place either way, but I don't believe one is really less secure than the other. The call to the other server's database is no "less trustworthy" than the call to the DB on your own server. While someone might take advantage of a DB connection, most DB security issues come from people using your own application machinery (form input elements, GET and POST data) to put bad things into your database. As long as you check your DB input through a sanitization whitelist and validate the data to be sure that it won't cause any problems, you're fine; and since you need that level of security in either case, I don't think you need "extra" measures for the off-server DB connection.
Are the two servers on an internal network, or are we talking about the Internet here?
I haven't yet set up a connection between the 2 servers, so I'm not using encryption between them. Should I? How can I do that?
I will take care of the sanitization problem if that's the main security concern in this case.
We are talking about the Internet here.
On the MySQL side of things, check out http://dev.mysql.com/doc/refman/5.1/en/secure-connections.html
Don't know about the PHP part. Encryption is computationally expensive, by the way.
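For the PHP part that the thread leaves open, here is an added example (not from any poster) of what the mini-apps side of such an Internet-facing connection looks like with mysqli: TLS is requested and the server certificate verified, the script refuses to run queries if no cipher was negotiated, and the user-supplied value goes through a prepared statement. Host, account, CA file path and the `articles` table are assumed; the account is expected to have been created on the main server with `REQUIRE SSL` (or `REQUIRE X509`) as the linked MySQL docs describe.

```php
<?php
// Added example: connect from the mini-apps server to the main MySQL server
// over TLS and only query once the link is confirmed to be encrypted.
// Assumed values: host, account, database, CA file path, and table name.
$host   = 'db.example.com';                // assumed: main database server
$user   = 'miniapps_ro';                   // assumed: read-only account for the mini apps
$pass   = getenv('MINIAPPS_DB_PASSWORD');  // assumed: supplied via environment, not in code
$db     = 'mainapp';                       // assumed
$caFile = '/etc/ssl/mysql/ca.pem';         // assumed: CA that signed the server certificate

$mysqli = mysqli_init();
// Hand the CA to the client so the server certificate can be checked.
// Client key and certificate stay null here: the server enforces REQUIRE SSL,
// not client certificates.
$mysqli->ssl_set(null, null, $caFile, null, null);

// MYSQLI_CLIENT_SSL requests TLS; MYSQLI_CLIENT_SSL_VERIFY_SERVER_CERT makes the
// handshake fail instead of silently accepting an untrusted certificate, which
// is what blocks the man-in-the-middle case raised in the thread.
$connected = $mysqli->real_connect(
    $host, $user, $pass, $db, 3306, null,
    MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_VERIFY_SERVER_CERT
);
if (!$connected) {
    throw new RuntimeException('connect failed: ' . mysqli_connect_error());
}

// Belt and braces: confirm that this session actually negotiated a cipher.
$status = $mysqli->query("SHOW STATUS LIKE 'Ssl_cipher'")->fetch_assoc();
if (empty($status['Value'])) {
    $mysqli->close();
    throw new RuntimeException('link is not encrypted; refusing to query');
}

// Form input never reaches the SQL text: the driver binds it as a parameter,
// which covers the sanitization concern the thread discusses.
$category = $_GET['category'] ?? '';
$stmt = $mysqli->prepare('SELECT id, title FROM articles WHERE category = ?');
$stmt->bind_param('s', $category);
$stmt->execute();
foreach ($stmt->get_result() as $article) {
    echo htmlspecialchars($article['title'], ENT_QUOTES, 'UTF-8'), "\n";
}
$stmt->close();
$mysqli->close();
```

If the main server's firewall is also limited to the mini-apps server's address and the account is granted only the tables it needs, the exposure is the TLS port plus that one account, rather than the whole database.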