Jun 13, 2014; 13:50
Dave Bruhn
MySQL security precautions
Howdy, everyone!
So at work, we use Nessus to scan our network for vulnerabilities in our systems. It's served us very well, as it's helped us to strengthen our server security (as well as nag us when our versions of Apache are lagging behind).
There was one vulnerability it detected that got me thinking: "Database reachable from the internet." Now, this is a little misleading, as the server is behind a firewall. However, it's absolutely correct - port 3306 on Server A is certainly accessible from Server B on the same switch. For Lassoers like myself, this can be considered a good thing, as we need to access MySQL databases across servers. However, it's certainly an issue that warrants exploration.
The solution I came up with would be to use port-forwarding over SSH. For example, we could have a non-standard local port 7706 on Server A get forwarded to port 3306 on Server B using an SSH tunnel. Then, in the Lasso Admin DataSources on Server A, specify localhost:7706 as the datasource for Server B's MySQL installation. After that, bind MySQL on Servers A and B to localhost.
Has anyone ever given this much consideration? Ever tried it? Did it suck? Got any other ideas?
Go! :)
Dave
---
Dave Bruhn
Systems Analyst
North Carolina Hospital Association
PO Box 4449
Cary, NC 27519-4449
919-677-4145 (office)
dbruhn@ncha.org
http://www.ncha.org
#############################################################
This message is sent to you because you are subscribed to
the mailing list Lasso Lasso@lists.lassosoft.com
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <Lasso-unsubscribe@lists.lassosoft.com>
Send administrative queries to <Lasso-request@lists.lassosoft.com>
Jun 13, 2014; 14:16
Brad Lindsay
Re: MySQL security precautions
Jun 13, 2014; 14:41
Dave Bruhn
Re: MySQL security precautions
Jun 13, 2014; 14:49
Marc Pope
Re: MySQL security precautions
Jun 13, 2014; 14:51
Brad Lindsay
Re: MySQL security precautions