Depends on what you need to do with the data. Using the web host as slave is a good idea if the data is read-only, or if you never have to propagate changes back to the secure database.
If you need to provide realtime access to the remote/secure database, consider using some other protocol (possibly HTTP-based) where you can limit the operations that the public web site can do, and open the firewall up to that. On Tue, Apr 19, 2011 at 9:51 AM, Michael Janapin <[email protected]>wrote: > Hello, > I just want to ask the best way to do this. > > We have a MySQL server that is accessible only within our local subnet, > which is of course, behind a firewall. > > Now we have a website hosted abroad where I'm planning to put some php > pages to access our database after a secure login process. > > I have three options right now that I can think of. > 1. Use our web host's MySQL server as a slave server. > 2. Use another machine within our local subnet as a slave mysql server and > configure the firewall to port forward mysql connection to this machine. > 3. Just configure the firewall to port forward to our MySQL server. > > My hesitation to #3 above is that it looks the most vulnerable to me! (I'm > not really comfortable with just the firewall). > With #2, it would require another machine to run the slave mysql, and might > be too cumbersome to setup. > With #1, I read somewhere that it would be best to separate the location of > the php scripts with the mysql server it is trying to access. > > > The database contains sensitive information (no credit card numbers, thank > God!) and so I'd like a secure way of making it accessible to our valid > users. > > Any tip is greatly appreciated. Thank you in advance. > > -- > Michael R. Janapin > PBTS Baguio City, Philippines > http://mulingsilang.wordpress.com > http://www.pbts.net.ph > > > > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph >
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
