Thanks for the response.
On Thu, 25 Jan 2001, Jeremy D. Zawodny wrote:
> > It just occurred to me, however, that this becomes a much bigger
> > problem when the web server(s) and the database server are running
> > on different machines.
>
> Only if they're on different networks. Ideally, you could put the web
> server(s) and database server on different ports of a high-speed
> switch.
>
This must assume some kind of hardware firewall, then (i.e. inside the
switch), else how would this provide any kind of security? All the
switches I currently use essentially just act as repeaters, so anyone
with a physical connection to the switch (i.e. the whole Internet, more or
less) can grab the packets passing between the 2 machines.
>
> Simply putting one of the servers behind a firewall does nothing to
> stop a packet sniffer.
This point I don't see at all. If your network is configured like this:
{Web Server Pool}
/
/
E1
Internet ------- E2:Firewall
E3
\
\
Database Server
you simply create firewall rules which prevent any packets from passing
between interfaces E2 and E3 (i.e. any packets originating from E3 are
only allowed to pass through E1 to the web server pool.
> What you really want is some sort of encrypted
> network connection. I'd suggest using SSH to do it. I've run
> replication across the country via an SSH tunnel before.
>
So this must be some sort of TCP wrapper? Where could I find some good
documentation on how to implement this?
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
