As what others have said, #1 is your best bet for an inquiry-only web app.
If you need to do updates, well... I'm not a big fan of exposing the primary
db directly to the web, so I would go for something in between besides a
firewal like SOAP APIs or some other messaging solution.
--- mike t.
________________________________
From: Michael Janapin <[email protected]>
To: Philippine Linux Users' Group (PLUG) Technical Discussion List
<[email protected]>
Sent: Tuesday, April 19, 2011 9:51 AM
Subject: [plug] Database Best Practices
Hello,
I just want to ask the best way to do this.
We have a MySQL server that is accessible only within our local subnet, which
is of course, behind a firewall.
Now we have a website hosted abroad where I'm planning to put some php pages to
access our database after a secure login process.
I have three options right now that I can think of.
1. Use our web host's MySQL server as a slave server.
2. Use another machine within our local subnet as a slave mysql server and
configure the firewall to port forward mysql connection to this machine.
3. Just configure the firewall to port forward to our MySQL server.
My hesitation to #3 above is that it looks the most vulnerable to me! (I'm not
really comfortable with just the firewall).
With #2, it would require another machine to run the slave mysql, and might be
too cumbersome to setup.
With #1, I read somewhere that it would be best to separate the location of the
php scripts with the mysql server it is trying to access.
The database contains sensitive information (no credit card numbers, thank
God!) and so I'd like a secure way of making it accessible to our valid users.
Any tip is greatly appreciated. Thank you in advance.
--
Michael R. Janapin
PBTS Baguio City, Philippines
http://mulingsilang.wordpress.com
http://www.pbts.net.ph
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
