Hacker gets in this way:
->[Webserver][rooted]->[DBServer][rooted]->File_Access(/var/lib/mysql/database)

I'd say the "major security breach" is already when the Webserver is rooted.^
If he gets to your webserver he could still read WHATEVER DATA he wants from 
your database with the information he finds in your site's code.


Look at the example below: (Use Fixed Font)

    Internet
       |
----(80,443)--- <- firewall w/ webports open
       |
    Webserver
       |
----(3306)----- <- another one allowing mysql access
       |
    DBServer

Since you have a bulkhead between your servers your DBServer is completely* 
safe from anyone getting file-level access to it.

But, since you have a working webserver with scripts and functions to access 
the database he can still access any data he wants from the database server.

Stop worrying so much about mysql's file-level security.
If your webserver is rooted you are toast anyway!


Mike

^Your security review needs to be reviewed?
*Unless there's a security hole in mysql allowing code/command execution.


On Wednesday 26 November 2003 14.43, Curley, Thomas wrote:
> Mike
>
> Correct and this is the architecture.  The internet facing box has a
> routable IP, the DB box is separate and is not ext routable.
>
> The issue the security review highlighted strongly was the fact that if a
> hacker got access to the box (however) then copying /var/lib/mysql/database
> would result in a major security breach
>
> To the chap who said it's not a DB issue - I will check with Oracle but I'm
> sure that dropping in a directory in oracle will not give you full access
> to a database (a clear one that is)
>
> Thomas
>


-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]
