On Thu, Jan 25, 2001 at 10:01:59PM -0600, Patrick Goetz wrote:
>
> Currently, every system I've set up is small enough so as to have
> the web server and the database server on the same machine.
> Consequently, loss of security due to packet-sniffing can be
> completely controlled by using, say, apache-ssl, since
> communications between the web server and the database server take
> place inside a single machine.
Okay...
> It just occurred to me, however, that this becomes a much bigger
> problem when the web server(s) and the database server are running
> on different machines.
Only if they're on different networks. Ideally, you could put the web
server(s) and database server on different ports of a high-speed
switch.
> Does anyone know if there is a canonical way of securing the data
> connection between the web and database servers or is this usually
> handled by simply putting the database server behind a firewall?
Simply putting one of the servers behind a firewall does nothing to
stop a packet sniffer. What you really want is some sort of encrypted
network connection. I'd suggest using SSH to do it. I've run
replication across the country via an SSH tunnel before.
Jeremy
--
Jeremy D. Zawodny, <[EMAIL PROTECTED]>
Technical Yahoo - Yahoo Finance
Desk: (408) 328-7878 Fax: (408) 530-5454
Cell: (408) 439-9951
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
