Secure method to access a MySQL DB over the internet?

Mr.Guvernment

Member
Joined
Feb 26, 2003
Need some advice

Setting up a MySQL DB on a server; it will need to allow access to it over the internet from another office.

What is the most secure way this can be done?

Obvious:

IP filter on the user account on the MySQL DB
IP filter list on the firewall for the port

Change the port to something other than the standard MySQL port?

SSH or SSL if possible?
 
VPN

Maybe you can tunnel it through SSH, not sure.

edit: yeah you can tunnel it through SSH, but not sure what client and server to use.
 
I don't want them to have direct access to the server, only a connection to the database. They are not getting any remote access, so no VPN or anything.

SSH I will look into, just want it to be as secure as possible!
 
VPN would be the same as SSH, just VPN the port (normally 3306 for mysql db) and firewall the rest.

But I do think SSH would be better. Just open a high-level port for the SSH tunnel and forward 3306 or whatever to it.
 
What type of router / firewall is at each office? You could just do a site-to-site VPN between the 2 firewalls and the connection would be completely transparent to the user, rather than have them each use PuTTY or whatnot.
 
At their office, not sure, since it isn't our office. On our end we have a Netgear right now; we have a Firebox that broke down, so working on fixing it.

How would I limit the VPN access, though, to only the MySQL DB and nothing else, so they don't use the internet connection of the host?
 
If you don't want to use a VPN, you can encrypt the database connection. Take a look at the MySQL reference guide HERE to make a self-signed cert and use that to encrypt the connection.
 
Hadn't thought of that. Hell I didn't even know mysql had encryption, but now that I think about it, that makes sense. Man, open source is awesome.
 
MSSQL can do it as well, and the method for MySQL I mentioned is pretty similar to MSSQL's method. I've used it before as a quick and dirty way of getting things going.

Now a VPN would accomplish the same requirement, but terminating a VPN on a Netgear... well, it's not very fun and painful to troubleshoot at times.
 
If you create a site-to-site VPN (although I doubt the Netgear will allow you to), you can restrict access with firewall rules. Basically just have a rule with the source network or IPs which require access, have the destination be the IP of the server, and only allow the ports you will be using.

You will have to get with the remote admin to see if they can set that up, and you would also have to see if you can create a VPN on your side.
 
I know I could do a VPN on our WatchGuard box. I will keep that option in mind if the encrypted MySQL fails for me :D
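
Added example, not written by any poster in this thread: the two database-side controls discussed above (an IP filter on the MySQL user account and an encrypted connection) written out as MySQL statements, with an audit query for accounts that lack them. The account name, schema name, password and the address 203.0.113.25 (a documentation address) are placeholders, and MySQL 5.7.8 or later with a server certificate already configured is assumed.

```sql
-- Added example; every name, address and password below is a placeholder.

-- 1. Account usable only from the remote office's public IP, and only over TLS.
CREATE USER 'office_app'@'203.0.113.25'
  IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD'
  REQUIRE SSL;

-- 2. Least privilege: rights on the one schema the office needs, nothing global.
GRANT SELECT, INSERT, UPDATE, DELETE
  ON appdb.* TO 'office_app'@'203.0.113.25';

-- 3. Optional server-wide backstop: refuse unencrypted TCP connections.
--    Local socket connections still count as secure. SET GLOBAL does not
--    survive a restart, so also set it in the server configuration file.
SET GLOBAL require_secure_transport = ON;

-- 4. Audit: accounts reachable from other machines that either accept a
--    wildcard host or do not require TLS. Each row is an account to tighten.
SELECT user, host, ssl_type
FROM mysql.user
WHERE host NOT IN ('localhost', '127.0.0.1', '::1')
  AND (INSTR(host, '%') > 0 OR ssl_type = '');

-- 5. Run from the remote office after connecting: an empty Value means the
--    session is NOT encrypted.
SHOW SESSION STATUS LIKE 'Ssl_cipher';
```

The firewall rule limiting the MySQL port to the same source IP stays in place as a separate layer; the account-level host filter only applies after a TCP connection has already reached the server.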
 