Re: [Hampshire] Suggestions for MySQL connectivity

2013-01-28 Thread Roger Munford
Thanks for everybody's helpful advice. After the initial panic that it 
would not be possible to get a direct connection, it was, in fact, quite 
straightforward and a host was found for me. For the record, tsohosts do 
it, they are good value and were very helpful.
I copied that database, reconfigured everything that needed it and, 
hopefully, everything is as it was before.


The new host does offer SSH access but I am not obliged to use it. I 
hope I am not being complacent because the data on the site is only a 
list of names (used to greet the customer) plus hashed usernames and 
passwords.


Thanks again,

Roger

On 22/01/13 22:26, Tim Brocklehurst wrote:

>> Clearly we have to go somewhere else. Can anybody recommend a hosting
>> company that will provide a direct connection to MySQL?
>>
>> The support told me that it was a wicked thing to do, a huge security
>> risk. Not having been involved in software for several years, I am
>> willing to believe that it could have become a problem, but is it such a
>> risk that nobody will offer direct connections? If so what are the
>> mechanisms that are unsafe? Also what alternative techniques are
>> available to transfer data between databases?
>
> Roger,
>
> Providing a direct connection to MySQL (or any database server) is probably
> not a good idea [1]. Put simply, while MySQL has some security features, I
> wouldn't rely on them over the internet. This drove me to hosting a similar
> setup internally at a company I was working for some years back.
>
> You could consider an SSH tunnel, or a VPN tunnel into the remote server, and
> then access the database through that. There are loads of examples of these,
> just google. The tunnel itself secures any data that is transmitted through
> it, so the other end just looks like a continuation of your LAN. However, if
> you do this you need to ensure that passwords and/or keys are kept safe, and
> are suitably strong.
>
> Alternatively, there is nothing to stop you hosting it internal to the
> company, as long as they have a sufficiently reliable (and fast enough)
> broadband provider. However, this has both pros and cons.
>
> Hope this helps,
>
> Tim B.
>
> [1] http://dev.mysql.com/doc/refman/5.0/en/security-against-attack.html



--
Please post to: Hampshire@mailman.lug.org.uk
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--


[Hampshire] Suggestions for MySQL connectivity

2013-01-22 Thread Roger Munford
In the early 90's, I wrote a programme which organised home deliveries 
for a farmer friend of mine. It was optimised for the office staff to 
take orders over the telephone, the customers being supplied with a 
printed catalogue. It was written in Foxpro, now sadly no longer with us.


In 2005 I wrote a website using PHP and MySQL to enable customers to 
order online; however, the main work is still being done by the original 
programme which hasn't had to change because the business hasn't changed 
(apart from a few extras like emailing PDF invoices etc).


The delivery programme updated the website's product data and collected 
orders via a direct connection to the MySQL database via an ODBC connection.


Since 2005 the website has been split on to two hosts, one part has the 
day to day information stuff and is continually being reworked but the 
original online ordering part has been left intact - until today.


The hosting company, which has been taken over twice since 2005, shifted 
the website to another server pretty much without warning. They claim to 
have sent an email to the farmer just before Christmas, just when food 
retailers are having a quiet time. They probably did but I am sure it was 
full of techno gobbledygook justifying their very steep price rise but 
nothing to alert the farmer that his website was going to be smashed.


It took the best part of the day to get things running again but the 
killer problem is that they are no longer going to allow direct 
connection to the database anymore. After a lot of pleading we got 7 
days grace and a connection from the farm will be allowed.


Clearly we have to go somewhere else. Can anybody recommend a hosting 
company that will provide a direct connection to MySQL?


The support told me that it was a wicked thing to do, a huge security 
risk. Not having been involved in software for several years, I am 
willing to believe that it could have become a problem, but is it such a 
risk that nobody will offer direct connections? If so what are the 
mechanisms that are unsafe? Also what alternative techniques are 
available to transfer data between databases?


If you are interested the site is www.sunnyfields.co.uk. Click on online 
ordering to step back to 2005. It is a bit long in the tooth by today’s 
standards but it was just as fast over a modem and you didn't have to 
spend a lot of time scrolling.


Thanks for your attention.

Roger







Re: [Hampshire] Suggestions for MySQL connectivity

2013-01-22 Thread Tim

On 22/01/13 22:06, Roger Munford wrote:
> In the early 90's, I wrote a programme which organised home deliveries
> for a farmer friend of mine. It was optimised for the office staff to
> take orders over the telephone, the customers being supplied with a
> printed catalogue. It was written in Foxpro, now sadly no longer with us.
>
> In 2005 I wrote a website using PHP and MySQL to enable customers to
> order online; however, the main work is still being done by the original
> programme which hasn't had to change because the business hasn't
> changed (apart from a few extras like emailing PDF invoices etc).
>
> The delivery programme updated the website's product data and collected
> orders via a direct connection to the MySQL database via an ODBC
> connection.
>
> Since 2005 the website has been split on to two hosts, one part has
> the day to day information stuff and is continually being reworked but
> the original online ordering part has been left intact - until today.
>
> The hosting company, which has been taken over twice since 2005,
> shifted the website to another server pretty much without warning.
> They claim to have sent an email to the farmer just before Christmas,
> just when food retailers are having a quiet time. They probably did but
> I am sure it was full of techno gobbledygook justifying their very
> steep price rise but nothing to alert the farmer that his website was
> going to be smashed.
>
> It took the best part of the day to get things running again but the
> killer problem is that they are no longer going to allow direct
> connection to the database anymore. After a lot of pleading we got 7
> days grace and a connection from the farm will be allowed.
>
> Clearly we have to go somewhere else. Can anybody recommend a hosting
> company that will provide a direct connection to MySQL?
>
> The support told me that it was a wicked thing to do, a huge security
> risk. Not having been involved in software for several years, I am
> willing to believe that it could have become a problem, but is it such
> a risk that nobody will offer direct connections? If so what are the
> mechanisms that are unsafe? Also what alternative techniques are
> available to transfer data between databases?
>
> If you are interested the site is www.sunnyfields.co.uk. Click on
> online ordering to step back to 2005. It is a bit long in the tooth by
> today’s standards but it was just as fast over a modem and you didn't
> have to spend a lot of time scrolling.
>
> Thanks for your attention.
>
> Roger






Hi Roger

I'm not very up on SQL web hosting but have a word with TSOHost, very good 
service, very reasonable rate. I got recommended to them several years ago 
by a post on this lug, not looked back since, they have a pre sales 
forum (http://forums.tsohost.co.uk/) where you can ask questions and you 
will quite possibly get an answer at this time at night.


Tim



Re: [Hampshire] Suggestions for MySQL connectivity

2013-01-22 Thread Tim Brocklehurst

> Clearly we have to go somewhere else. Can anybody recommend a hosting
> company that will provide a direct connection to MySQL?
>
> The support told me that it was a wicked thing to do, a huge security
> risk. Not having been involved in software for several years, I am
> willing to believe that it could have become a problem, but is it such a
> risk that nobody will offer direct connections? If so what are the
> mechanisms that are unsafe? Also what alternative techniques are
> available to transfer data between databases?

Roger,

Providing a direct connection to MySQL (or any database server) is probably 
not a good idea [1]. Put simply, while MySQL has some security features, I 
wouldn't rely on them over the internet. This drove me to hosting a similar 
setup internally at a company I was working for some years back.

You could consider an SSH tunnel, or a VPN tunnel into the remote server, and 
then access the database through that. There are loads of examples of these, 
just google. The tunnel itself secures any data that is transmitted through 
it, so the other end just looks like a continuation of your LAN. However, if 
you do this you need to ensure that passwords and/or keys are kept safe, and 
are suitably strong.

Alternatively, there is nothing to stop you hosting it internal to the 
company, as long as they have a sufficiently reliable (and fast enough) 
broadband provider. However, this has both pros and cons.

Hope this helps,

Tim B.

[1] http://dev.mysql.com/doc/refman/5.0/en/security-against-attack.html
-- 
Hampshire Linux User Group Chairman



Re: [Hampshire] Suggestions for MySQL connectivity

2013-01-22 Thread Andy Smith
Hi Roger,

On Tue, Jan 22, 2013 at 10:06:33PM +, Roger Munford wrote:
> The support told me that it was a wicked thing to do, a huge
> security risk. Not having been involved in software for several
> years, I am willing to believe that it could have become a problem,
> but is it such a risk that nobody will offer direct connections?

If using a shared install of MySQL, i.e. there's one MySQL install
and each customer has a login, then exposing the MySQL port to the
Internet will risk a brute force dictionary attack gaining access to
an account. From there, bad things can occur that affect other
customers.

There is always going to be a compromise between cheaper shared
hosting which is inflexible because it has to serve many people's
needs, versus more expensive dedicated hosting that can be
configured exactly how you would like.

If you have SSH access then as others have mentioned you may be able
to do an SSH tunnel, then the MySQL connection would appear to be
coming from the local host.

Cheers,
Andy

-- 
http://bitfolk.com/ -- No-nonsense VPS hosting
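
The SSH tunnel suggested in Tim Brocklehurst's and Andy Smith's replies, as an added example that is not part of any poster's message: it forwards a loopback port to MySQL on the host and checks that the forward is not also listening on the LAN. The login `farm@shop.example.org`, local port 3307 and MySQL account `orders` are placeholder assumptions, and the `ss` samples are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Placeholder names: REMOTE, LPORT, DBUSER.
REMOTE="${REMOTE:-farm@shop.example.org}"  # assumed SSH login on the web host
LPORT="${LPORT:-3307}"                     # assumed local port for the ODBC DSN
DBUSER="${DBUSER:-orders}"                 # assumed MySQL account

# Forward 127.0.0.1:LPORT on this machine to MySQL on the host's loopback.
# mysqld then sees the connection arrive from localhost, so port 3306
# never has to be reachable from the Internet.
open_tunnel() {
    ssh -f -N -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:${LPORT}:127.0.0.1:3306" "$REMOTE"
}

# Read `ss -ltn` output on stdin. Succeed only if LPORT is listening on a
# loopback address and on nothing else (0.0.0.0 or * would re-expose it).
forward_is_loopback_only() {
    awk -v p="$LPORT" '
        $1 == "LISTEN" {
            n = split($4, part, ":"); port = part[n]
            if (port != p) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]") ok = 1
            else bad = 1
        }
        END { exit !(ok && !bad) }'
}

# Constructed `ss -ltn` samples for checking the parser offline.
SAMPLE_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:3307      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*'
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:3307      0.0.0.0:*'

# Usage: sh tunnel.sh --up
if [ "${1:-}" = "--up" ]; then
    open_tunnel || exit 1
    ss -ltn | forward_is_loopback_only || { echo "forward not loopback-only" >&2; exit 1; }
    # 127.0.0.1 (not "localhost") makes the client use TCP, i.e. the tunnel.
    mysql -h 127.0.0.1 -P "$LPORT" -u "$DBUSER" -p
fi
```

An ODBC data source on the same machine would use server 127.0.0.1 and the chosen local port in place of the host's public address.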

