开发者

Secure Remote mySQL Connection

开发者 https://www.devze.com 2023-03-10 06:44 出处:网络
Since our shared hosting server doesn\'t allow us to setup Tomcat I decided to install it on our local machine. The local Tomcat server allows us to listen to a ce开发者_开发问答rtain port for Bancnet

Since our shared hosting server doesn't allow us to setup Tomcat I decided to install it on our local machine. The local Tomcat server allows us to listen to a ce开发者_开发问答rtain port for Bancnet transactions which will then be processed and written to the remote site.

Question: Is it safe for me to set the local PHP application to connect directly to the remote mySQL server? Any suggestions on how to make the connection secure. BTW, I have a self-signed certificate installed in the localhost but not sure how this applies to remote mySQL connection.


You could create a ssh tunnel between MySQL server and client. For more resiliency, use autossh.


If you don't connect over SSL or some other encrypted tunnel, I would absolutely assume that anything you send or receive from MySQL is done so in clear text that can be intercepted and used for malicious purposes from any link along the way. This might be fine for testing purposes with dummy data, but before you put this in production use or pull down live user data for testing, you really should either make arrangements for the data to be stored local to the web app or for there to be an encrypted connection.

Giving you a full overview of how to set up SSL connections to MySQL is beyond the scope of Stack Overflow and it's a bit complicated, but if you want to proceed, check out the documentation and do some research, there are some good informational resources out there.


I'm a bit confused as to the architecture you are trying to describe. What's running where?

If you can't install Tomcat then you probably won't be able to install anything like VPN software on the box.

MySQL can encrypt using SSL provided it has been enabled at compile time and at run time.

Alternatively, it should be fairly trivial to build a webservices tier on top of the remote database.

I would recommend switching to a VPS or managed host though.

0

精彩评论

暂无评论...
验证码 换一张
取 消