Derek Sivers wrote:
> searched the lists & books & found no mention of this:
>
> Are there any security issues in doing lots of remote-connecting (TCP/IP)
> to my MySQL database server?
Anything can be broken with this. MySQL limits this by amount of
max_connections but if someone else occupies them then MySQL can do
nothing. I bet best what you can do is to use ipchains to limit IP-s of
incoming connections. This reduces problem but doesn't loose it.
> (My Apache/PHP is on a different webserver from the MySQL server. And
> sometimes across the country.)
>
> Won't that password be somehow sniffable?
It can be. And also even if password is not sniffable then data is
moving in plain.
> Any measures I could take (like SSH) to encrypt the transaction?
>
> Any advice (FAQs, URLs, etc.) - appreciated.
Use CIPE tunnel. You can find it:
http://sites.inka.de/sites/bigred/devel/cipe.html
MySQL own SSL support is delayed because our Estonian monopolistic
Telecom made lawsuit against me and my computers with SSL patches are in
police now. When I can get them back, SSL support will be in soon.
--
MySQL Development Team
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Tonu Samuel <[EMAIL PROTECTED]>
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, http://www.mysql.com/
/_/ /_/\_, /___/\___\_\___/ Tallinn, Estonia
<___/
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php