Solved

Secure Remote Access to mySQL

Posted on 2006-06-26
8
528 Views
Last Modified: 2012-06-27
Hi all
I currently have a remote web host that is running mySQL. Coming from a management point of view i would like to have access to my databases so that i can run apps like SQLyog and mySQL admin, thus i need remote access. Now, i suppose i could use phpmyadmin to manage the database, but trying to do something like that via a web interface becomes an absolute nightmare after a while.

Thus, to gain remote access for mySQL, typically i would need to open 3306 (note, from a security point of view i could choose a different point). Now i was talking to someone today and they said "...if you care about your data in a mySQL database you shouldn't allow remote access to your databases." Is this a real problem with mySQL or was this person just a mySQL basher??? Now i know that there will be some risks now that you have a port open but in my eyes the risk is no more than running phpmyadmin.

So is there anyway of having relatively secure remote access to my mySQL OR is there a better way of managing the db remotely whilst still being able to run these apps???
Thanks
ant
0
Comment
Question by:CVSmarc
  • 4
  • 4
8 Comments
 
LVL 30

Accepted Solution

by:
todd_farmer earned 500 total points
ID: 16989609
There certainly are ways to expose the MySQL server in a relatively secure manner.  Of course, MySQL is one more program that can (and does) have bugs that can be exploited to gain access both to the data residing in the server, but potentially to other data on the server as well.  There are guidelines published on the MySQL website that will get you started:

http://dev.mysql.com/doc/refman/5.0/en/security.html

An alternate approach to managing the content would be to manage a local copy of your database via SQLyog and then update the production database from your local copy.  This would work better if most of your modifications were inserts as opposed to updates or deletes, of course, but even that could be managed.  It gets much more complicated if you have to work with a team of people responsible for managing the content.
0
 
LVL 4

Author Comment

by:CVSmarc
ID: 16989673
Thanks for the quick response.
Is it common to find a web hosting company that allows remote connections like this to their client databases.
ant
0
 
LVL 30

Expert Comment

by:todd_farmer
ID: 16989700
My experience has been pretty good here.  My first hosting company allowed remote connections - no questions asked.  The second hosting company did not allow remote connections to the server they initially configured me for, but when I specifically asked, they set up a new database for me on a publicly-accessible MySQL server instance.  A third company (cheap) provided remote access out of the box - no questions asked.
0
 
LVL 4

Author Comment

by:CVSmarc
ID: 16989747
lol... seems like a bit varied response there. Would you say that in your experience then, if you db is being hosted by a company that is allowing remote access to the database, that the databases are secure (as much as they can be at least and assuming that they take the security steps recommended for allowing people to remotely connect to the db).

Also is this any more and any lest secure than using SQLyog to connect to a mysql database via HTTP tunnel (note sure if you have had experience with this type of connection or not).
Thanks ant
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 30

Expert Comment

by:todd_farmer
ID: 16989773
I think it runs the gamut.  Some hosting companies really know what they are doing and their databases are well-configured and managed in a secure manner.  Others just throw them up there, give you an account and password, and let you go to it.  I haven't used HTTP tunnel before.
0
 
LVL 4

Author Comment

by:CVSmarc
ID: 16989924
Well i suppose the question comes down to how will i be able to pick a host that "now what they are doing and their databases are well-configured and managed in a secure manner"??? Is there something that i should ask or be addressing, that would let one know whether the host is a host the is well managed and secure?
Thanks
ant
0
 
LVL 30

Assisted Solution

by:todd_farmer
todd_farmer earned 500 total points
ID: 16989950
For starters, look for a hosting company that is using current versions of MySQL (production version is currently 5.0).  Anything less than 4.1 is, in my book, unacceptable and a sign that they don't know or care to keep current with releases.  Ask what restictions are placed on remote access - I would be more comfortable with a host that provides remote access only upon request.  Many hosts probably won't answer a direct question of, "how have you hardened your MySQL installations?" - for pretty obvious reasons.
0
 
LVL 4

Author Comment

by:CVSmarc
ID: 16989963
Cool...
Thanks a lot for help.
ant
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
Introduction Since I wrote the original article about Handling Date and Time in PHP and MySQL (http://www.experts-exchange.com/articles/201/Handling-Date-and-Time-in-PHP-and-MySQL.html) several years ago, it seemed like now was a good time to updat…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now