As I recall you can use MySQL's own permissions system to limit to the table / column level what a user can do. Obviously you'll want the credentials of your public web server separate from the internal one.
On Tue, Apr 19, 2011 at 10:12 AM, Brian Baquiran <[email protected]>wrote: > Depends on what you need to do with the data. > > Using the web host as slave is a good idea if the data is read-only, or if > you never have to propagate changes back to the secure database. > > If you need to provide realtime access to the remote/secure database, > consider using some other protocol (possibly HTTP-based) where you can limit > the operations that the public web site can do, and open the firewall up to > that. > > On Tue, Apr 19, 2011 at 9:51 AM, Michael Janapin < > [email protected]> wrote: > >> Hello, >> I just want to ask the best way to do this. >> >> We have a MySQL server that is accessible only within our local subnet, >> which is of course, behind a firewall. >> >> Now we have a website hosted abroad where I'm planning to put some php >> pages to access our database after a secure login process. >> >> I have three options right now that I can think of. >> 1. Use our web host's MySQL server as a slave server. >> 2. Use another machine within our local subnet as a slave mysql server and >> configure the firewall to port forward mysql connection to this machine. >> 3. Just configure the firewall to port forward to our MySQL server. >> >> My hesitation to #3 above is that it looks the most vulnerable to me! (I'm >> not really comfortable with just the firewall). >> With #2, it would require another machine to run the slave mysql, and >> might be too cumbersome to setup. >> With #1, I read somewhere that it would be best to separate the location >> of the php scripts with the mysql server it is trying to access. >> >> >> The database contains sensitive information (no credit card numbers, thank >> God!) and so I'd like a secure way of making it accessible to our valid >> users. >> >> Any tip is greatly appreciated. Thank you in advance. >> >> -- >> Michael R. Janapin >> PBTS Baguio City, Philippines >> http://mulingsilang.wordpress.com >> http://www.pbts.net.ph >> >> >> >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph >> > > > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > -- This email is: [ ] actionable [ ] fyi [ ] social Response needed: [ ] yes [ ] up to you [ ] no Time-sensitive: [ ] immediate [ ] soon [ ] none
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
