Thanks a lot to those who responded so far. Intially, I'm planning a READ-ONLY access off our website. However, it would be nice to scale it later to accommodate changes, updates, etc. through the web.
Again, thanks for those who took time responding. :-) @Zak, I can't run MySQL on our firewall/router. LoL. On Tue, Apr 19, 2011 at 1:50 PM, Mark David Dumlao <[email protected]>wrote: > As I recall you can use MySQL's own permissions system to limit to the > table / column level what a user can do. Obviously you'll want the > credentials of your public web server separate from the internal one. > > > On Tue, Apr 19, 2011 at 10:12 AM, Brian Baquiran > <[email protected]>wrote: > >> Depends on what you need to do with the data. >> >> Using the web host as slave is a good idea if the data is read-only, or if >> you never have to propagate changes back to the secure database. >> >> If you need to provide realtime access to the remote/secure database, >> consider using some other protocol (possibly HTTP-based) where you can limit >> the operations that the public web site can do, and open the firewall up to >> that. >> >> On Tue, Apr 19, 2011 at 9:51 AM, Michael Janapin < >> [email protected]> wrote: >> >>> Hello, >>> I just want to ask the best way to do this. >>> >>> We have a MySQL server that is accessible only within our local subnet, >>> which is of course, behind a firewall. >>> >>> Now we have a website hosted abroad where I'm planning to put some php >>> pages to access our database after a secure login process. >>> >>> I have three options right now that I can think of. >>> 1. Use our web host's MySQL server as a slave server. >>> 2. Use another machine within our local subnet as a slave mysql server >>> and configure the firewall to port forward mysql connection to this machine. >>> 3. Just configure the firewall to port forward to our MySQL server. >>> >>> My hesitation to #3 above is that it looks the most vulnerable to me! >>> (I'm not really comfortable with just the firewall). >>> With #2, it would require another machine to run the slave mysql, and >>> might be too cumbersome to setup. >>> With #1, I read somewhere that it would be best to separate the location >>> of the php scripts with the mysql server it is trying to access. >>> >>> >>> The database contains sensitive information (no credit card numbers, >>> thank God!) and so I'd like a secure way of making it accessible to our >>> valid users. >>> >>> Any tip is greatly appreciated. Thank you in advance. >>> >>> -- >>> Michael R. Janapin >>> PBTS Baguio City, Philippines >>> http://mulingsilang.wordpress.com >>> http://www.pbts.net.ph >>> >>> >>> >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >>> >> >> >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph >> > > > > -- > This email is: [ ] actionable [ ] fyi [ ] social > Response needed: [ ] yes [ ] up to you [ ] no > Time-sensitive: [ ] immediate [ ] soon [ ] none > > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > -- Michael R. Janapin PBTS Baguio City, Philippines http://mulingsilang.wordpress.com http://www.pbts.net.ph
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
