advice on a Rev-plus-internet setup (off-topic)
Ken Ray
kray at sonsothunder.com
Sat Jan 5 13:26:39 EST 2008
On Sat, 05 Jan 2008 13:07:47 +0200, viktoras didziulis wrote:
> Leaving an open port for remote access to any database would it be
> MySQL or Postgres is considered a serious web server security breach
> and most providers are aware of this. Besides your data would
> never be secure on such an open system - anyone that is able to sniff
> your password can drop all your tables, and do even more harm...
That's true; the only thing I'd like to add here is that at least with
MySQL (which I'm the most familiar with), when you set up who gets
access to the database, you can also identify an IP address "mask"
that's authorized; so if it's for a select set of people who have static
IPs, then you can fully restrict access to only those individuals; if
they have dynamic IPs, you can provide a reasonably narrow range of
access, and this is of course in addition to the login and password
into the database. For the clients I've been working with over the last
4 years, we've only had one unauthorized access (and that was because
the 'root' user was accidentally left without an IP address
restriction).
This is of course with a direct "Rev-on client" to
"MySQL-DB-on-remote-server" implementation. As Viktoras suggested, a
more secure way is to relay (regardless of database backend).
Just my 2 cents,
Ken Ray
Sons of Thunder Software, Inc.
Email: kray at sonsothunder.com
Web Site: http://www.sonsothunder.com/
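
The per-account host restriction described in the message above, written out as MySQL statements. This is an added example, not part of the original post; the database name, account names, passwords and addresses are constructed placeholders.

```sql
-- Constructed example. 'appdb', the 'rev_*' accounts and the passwords are
-- placeholders; addresses come from the RFC 5737 documentation ranges.

-- Static client IP: the account only matches connections from that address.
CREATE USER 'rev_alice'@'203.0.113.10' IDENTIFIED BY 'replace-with-strong-password-1';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'rev_alice'@'203.0.113.10';

-- Dynamic client IP: a narrow range, written as address/netmask.
CREATE USER 'rev_bob'@'198.51.100.0/255.255.255.0' IDENTIFIED BY 'replace-with-strong-password-2';
GRANT SELECT ON appdb.* TO 'rev_bob'@'198.51.100.0/255.255.255.0';

-- The same kind of range written as a wildcard pattern.
CREATE USER 'rev_carol'@'198.51.100.%' IDENTIFIED BY 'replace-with-strong-password-3';
GRANT SELECT ON appdb.* TO 'rev_carol'@'198.51.100.%';

-- Weak form, shown commented out: a host of '%' matches any client address,
-- leaving the password as the only control.
-- CREATE USER 'rev_dave'@'%' IDENTIFIED BY '...';

-- Audit: list every account whose host part is empty or contains a wildcard.
-- A bare '%' (or an empty host) means no address restriction at all; a
-- pattern such as '198.51.100.%' should be reviewed for how wide it is.
SELECT user, host
FROM mysql.user
WHERE host = '' OR LOCATE('%', host) > 0
ORDER BY (host IN ('%', '')) DESC, user;

-- If the audit shows an unrestricted administrative account, remove that
-- entry. Assumes a 'root'@'localhost' entry exists and stays in place.
DROP USER 'root'@'%';

-- Confirm what an account can do and from where.
SHOW GRANTS FOR 'rev_alice'@'203.0.113.10';
```

Host restrictions are matched per account entry, so the audit query should be rerun whenever accounts are added.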