Jason Dixon wrote:
On Jul 5, 2004, at 1:43 PM, Crucificator wrote:
Jason Dixon wrote:
On Jul 2, 2004, at 9:34 AM, bruce wrote:
i'm investigating what needs to be done to allow mysql on a server
to be
used remotely by client machines. each machine is running iptables.
so i'm
wondering what has to be in the iptables for the machine being used
as the
mysql server, as well as the client machines that will be
communicating with
the mysql box...
If you're concerned with data sniffing in transit, you might also
consider one of the following:
- tunnelling your client connections through SSH
- MySQL-4.x supports SSL connections with x.509 certificates
mostly when you put up a mysql server you need it for building
dynamic pages with php let's say. So when you do such thing you only
need to allow connections from localhost because connection is made
from server-side. If this doesn't apply to you then you should check
out stunnel.
I suggest you reserve your comments for threads where you have
sufficient experience. Most DBA's are probably giggling at your
comment. Real web applications routinely (more often than not)
segregate their data store on separate (redundant) servers. Using SSL
connections in addition to x.509 certs provides not only encryption,
but authentication as well.
--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
Dear Jason, most NA are probably giggling at your comment. I currently
administer such a server wich serves tunneled dynamic HTTP for SQL for
42 locations country-wide. We DO NOT have redundant servers. Have you
heard of RAID solutions? And it saves bandwidth, time and money as well.
I believe the lack of experience lies elsewere...
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
