He doesn't need ODBC to make a connection, his Java app is doing that 
already... 

I agree with J.R., you should move your database server behind your 
firewall and just open the one port (3306).  If you would prefer, you can 
designate your database server to use a different port (42000 for example) 
so that anyone that hits your site with a port scanner won't automatically 
detect that you are running a MySQL server. Just adjust your Java clients 
and firewall to use the same port number. This is not a great security 
suggestion as I personally do not believe in "security through obscurity" 
but the combination of using an unreserved port and opening only that port 
through your firewall at least creates two obstacles to anyone wanting to 
do damage. 

For a more secure client-server config, enable SSL and require it on all 
connections. If you add up the effects of SSL + strange port + firewall 
you can see how each layer contributes to the overall security of your 
application. Using SSL, even your logins are encrypted. Without it, anyone 
sniffing your network traffic can see both the queries and the responses. 
Nothing that goes over the internet can be perfectly secure but there are 
levels of security that are both reasonable and practical. How much 
security you need depends entirely on how sensitive your data is.

Shawn Green
Database Administrator
Unimin Corporation - Spruce Pine
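
[Added example, not part of the original message or of MySQL's own documentation: one way to apply the "enable SSL and require it on all connections" advice on the server, with an audit query for accounts that can still connect unencrypted. The account `appuser`, schema `appdb`, client network `192.0.2.%`, the password and the certificate paths are constructed placeholders; the GRANT form matches the MySQL 4.1 server discussed in this thread.]

```sql
-- Added example; every name, address and path below is a constructed placeholder.
-- Server side (my.ini, [mysqld] section), shown here as comments:
--   port     = 42000                        -- the non-default port from the message
--   ssl-ca   = <path to CA certificate>
--   ssl-cert = <path to server certificate>
--   ssl-key  = <path to server private key>

-- 1. Confirm the server binary supports SSL and that it is enabled.
--    The variable is have_openssl on 4.1; later versions also expose have_ssl.
--    YES = usable, DISABLED = compiled in but not configured, NO = not built in.
SHOW VARIABLES LIKE 'have_%ssl';

-- 2. Create the application account so the server refuses it unless the
--    connection is encrypted, and only from the client network.
--    (MySQL 4.1 syntax. On servers where GRANT no longer creates accounts,
--    use CREATE USER ... REQUIRE SSL followed by a plain GRANT.)
GRANT SELECT, INSERT, UPDATE, DELETE
    ON appdb.*
    TO 'appuser'@'192.0.2.%'
    IDENTIFIED BY '<choose-a-strong-password>'
    REQUIRE SSL;

-- 3. Audit: list every account that may still log in over clear text.
--    An empty ssl_type means no SSL requirement is attached to the account;
--    REQUIRE SSL stores 'ANY'.
SELECT user, host, ssl_type
  FROM mysql.user
 WHERE ssl_type = ''
 ORDER BY user, host;

-- 4. Run from the application's own session to verify the link is encrypted.
--    A non-empty Value is the negotiated cipher; an empty Value means clear text.
SHOW STATUS LIKE 'Ssl_cipher';
```

The firewall rule then only needs to pass the single port named in `my.ini` from the client network to the database host.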


"J.R. Bullington" <[EMAIL PROTECTED]> wrote on 07/06/2005 01:27:39 PM:

> "something" = ODBC is the first thing that comes to mind.
> 
> You can set specific permissions on the ODBC and you don't have to open up
> but 1 port (3306 or whatever you choose) in your proxy / firewall. Whenever
> your app calls the ODBC, the connection is made and everything is happy.
> 
> Just my $.02
> J.R.
> 
> -----Original Message-----
> From: Ruben Carvalho [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, July 06, 2005 1:20 PM
> To: [EMAIL PROTECTED]
> Cc: mysql@lists.mysql.com
> Subject: Re: Network drive
> 
> 
> I don't have a web server, I mean, I have a standalone java application
> running in my clients and the application calls the database.
> 
> Is there any way of having "something" listening to my application calls in
> my open machine (outside the proxy) and this "something" would then call the
> database running behind the proxy?
> 
> 
> 
> --- [EMAIL PROTECTED] wrote:
> 
> > Ruben Carvalho <[EMAIL PROTECTED]> wrote on 07/06/2005 12:54:24 PM:
> > 
> > > Well, thank you very much for your explanation.
> > > 
> > > My problem is I would like to have the data files being saved in a
> > > machine behind a proxy but the server running in a machine outside the
> > > proxy (the clients don't have access to the machine behind the proxy).
> > > 
> > > Any ideas? Thank you
> > > 
> > > --- [EMAIL PROTECTED] wrote:
> > > 
> > > > Ruben Carvalho <[EMAIL PROTECTED]> wrote on 07/06/2005 11:06:10 AM:
> > > > 
> > > > > I think I haven't understood your question. I guess that in case of
> > > > > a network failure you can have the same behavior as a power
> > > > > shutdown.
> > > > > 
> > > > > About the networked drives? Anyone?
> > > > > 
> > > > > 
> > > > > --- Martijn Tonies <[EMAIL PROTECTED]> wrote:
> > > > > 
> > > > > > Hi Ruben,
> > > > > > 
> > > > > > > I would like to make a short, quick and simple question.
> > > > > > >
> > > > > > > Is it possible to have the following line:
> > > > > > >
> > > > > > > innodb_data_home_dir="X:/data/"
> > > > > > >
> > > > > > > in a my.ini config file?
> > > > > > >
> > > > > > > I'm using Windows XP, MySQL 4.1.12, X: is a mapped network drive
> > > > > > > to a Linux folder using Samba, all the permissions are set and
> > > > > > > tested.
> > > > > > >
> > > > > > > I have seen this posted many times but without many replies. I
> > > > > > > want to use a folder in a mapped drive to save my InnoDB data.
> > > > > > > Is this possible?
> > > > > > 
> > > > > > I don't know this particular answer for MySQL, but I do have 1
> > > > > > question:
> > > > > > 
> > > > > > If the database engine doesn't have control over the files and/or
> > > > > > drive, what should it do in the case of a network failure?
> > > > > > 
> > > > > > Let alone the latency of a networked file...
> > > > > > 
> > > > > > With regards,
> > > > > > 
> > > > > > Martijn Tonies
> > > > > > Database Workbench - tool for InterBase, Firebird, MySQL, Oracle & MS SQL Server
> > > > > > Upscene Productions
> > > > > > http://www.upscene.com
> > > > > > Database development questions? Check the forum!
> > > > > > http://www.databasedevelopmentforum.com
> > > > > > 
> > > > > > 
> > > > > 
> > > > > 
> > > > > Rúben Carvalho
> > > > 
> > > > RDBMS over a network: NOT recommended. Not only can you not enforce
> > > > OS-level locking on your files (maybe you can, I guess it may depend
> > > > on your device and interface protocols) but the MOST COMMON bottleneck
> > > > to database performance is disk I/O. If you went with networked
> > > > storage, you are not only going to suffer through disk lag (seek time
> > > > + rotational positioning before the operation can start) but you are
> > > > incurring network overhead on top of it IN BOTH DIRECTIONS.
> > > > 
> > > > Unless your network device is flash-only (all memory, no disks), you
> > > > just cut your throughput by at least 75%. And even if your device is
> > > > flash-only you will reduce your data throughput by 25-50% (all
> > > > performance numbers are rough estimates pulled out of my a** but based
> > > > on the number of extra network hops necessary to get at and read your
> > > > files).
> > > > 
> > > > I don't care how fast your network is, networked storage can't be as
> > > > fast as local disks. Again, it is highly discouraged to use networked
> > > > storage for anything but the most trivial database uses (small file
> > > > sizes, low traffic, etc). For any application that requires even
> > > > modest performance, spend your money on a fast RAID configuration. You
> > > > will be much happier in the long run.
> > > > 
> > > > Shawn Green
> > > > Database Administrator
> > > > Unimin Corporation - Spruce Pine
> > > 
> > > 
> > > 
> > > Rúben Carvalho
> > > 
> > 
> > There are different kinds of secure setups. As a first idea, your
> > database server and your web server DO NOT need to be on the same
> > machine. There are MANY ways to set up a secure web system. How many of
> > each type of networking component are at your disposal (proxy servers,
> > firewalls, web servers, network interface cards, routers, etc.)?
> > Different types of security are available with different
> > hardware/software configurations.
> > 
> > Basically, it all boils down to keeping the users only where you want
> > the users to be (outside of your network) and allowing only certain
> > servers (or even just particular processes on those servers) to access
> > your internal resources.
> > 
> > Shawn Green
> > Database Administrator
> > Unimin Corporation - Spruce Pine
> > 
> > 
> 
> 
> Rúben Carvalho
> 
> --
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
> 
