Nikola Skoric wrote:
Well, this is how I understand (and I don't profess to having a thorough understanding).Hello,
I'm wondering whether there is a way to hack into my database if I'm connecting with PHP from remote web server to my MySQL server with unencrypted connection? I'm using phpBB forums (residing on one server and using the database on other server) which do not suport SSH connections, so I'd like to know if I'm opening a security hole in my system this way?
There are two aspects of security in a MySQL server, Host and Password, echnically Username can't count as a third I suppose.
An unencrypted connection leaves you open to packet sniffing, the connection info and data being passed through in an easy to read manner (relatively).. Through that someone could learn your Username, and hashed password. Anyone with that information and access to a host that the user is allowed to connect from will be able to login as that user.
So, in this instance, you would need a very restrictive Host requirement (ideally one server, that no one else has access to). Whether this is good enough is really up to the admin.
This is really a case in possibility, not really something you'd have to deal with every day.
As long as it's not a shared server you're connecting from and MySQL is set up to only allow connections from that server, it seems like it should be good enough.
Chris
-- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
