Go Back   nV News Forums > Software Forums > Software Development

Newegg Daily Deals

Reply
 
Thread Tools
Old 01-23-07, 03:41 PM   #1
fivefeet8
Ngemu Mod
 
Join Date: Jul 2003
Location: Fresno, CA
Posts: 1,886
Default Mysql Remote Access

When you connect to a remote Mysql Database using a PHP script located on another webserver, does the database recieve information about the other webserver's IP, or does it recieve the user's IP.

For example, a PHP script will be accessing 2 databases to retrieve data and display it to a logged in(using sessions) user. 1 database will be local to the script, but the other will not.

Is it possible to permit access to a remote mysql database by only where the script is running from?
__________________
[i7 2600k @4.4ghertz][2x4 GB DDR3 1600][EVGA GTX570 1.280GB SC][EVGA GTX460 physx][Asrock Extreme7 Gen3 Z68][2xSeagate 160 Gb SATA HD raid0][Seagate 250 GB SATA2 HD][Sony Bravia 40' 1080p LCD HDTV][NEC 3520a DVD+-DLw][Windows 7 Ultimate x64][Rosewill 1000w]
fivefeet8 is offline   Reply With Quote
Old 01-23-07, 03:48 PM   #2
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Mysql Remote Access

PHP is server-side, as a result the connection to the remote MySQL server will be made by the PHP webserver, not from the HTTP REMOTE_ADDR.

I'd just an iptables script to block access.

Assuming you're default INPUT policy is ACCEPT and mysql is listening on TCP 3306:

iptables -A INPUT -p tcp --dport 3306 -s ! PHP_webserver_ip -j DROP

Assuming you're default INPUT policy is DROP and mysql is listening on TCP 3306:

iptables -A INPUT -p tcp --dport 3306 -s PHP_webserver_ip -j ACCEPT
evilghost is offline   Reply With Quote
Old 01-23-07, 03:58 PM   #3
fivefeet8
Ngemu Mod
 
Join Date: Jul 2003
Location: Fresno, CA
Posts: 1,886
Default Re: Mysql Remote Access

Thanks. That makes it a bit easier to secure the remote Mysql Database. So does that mean that anyone logging in to the webhost running the PHP scripts will be able to access the remote mysql Database? From the sound of it, it should right?
__________________
[i7 2600k @4.4ghertz][2x4 GB DDR3 1600][EVGA GTX570 1.280GB SC][EVGA GTX460 physx][Asrock Extreme7 Gen3 Z68][2xSeagate 160 Gb SATA HD raid0][Seagate 250 GB SATA2 HD][Sony Bravia 40' 1080p LCD HDTV][NEC 3520a DVD+-DLw][Windows 7 Ultimate x64][Rosewill 1000w]
fivefeet8 is offline   Reply With Quote
Old 01-23-07, 04:04 PM   #4
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Mysql Remote Access

Quote:
Originally Posted by fivefeet8
Thanks. That makes it a bit easier to secure the remote Mysql Database. So does that mean that anyone logging in to the webhost running the PHP scripts will be able to access the remote mysql Database? From the sound of it, it should right?
They will have rights to connect to MySQL on the protocol/service level but will not have rights to the database unless they are authenticating with the same database username/password. Access to MySQL database objects (databases, tables, rights, etc) are controlled by the MySQL GRANT statement.

Basically, it's two methods of security.

1) Port security, only permit the web host to connect to MySQL. This keeps the script kiddies at bay and is good security.

2) Actual MySQL authentication.
evilghost is offline   Reply With Quote
Old 01-23-07, 04:10 PM   #5
fivefeet8
Ngemu Mod
 
Join Date: Jul 2003
Location: Fresno, CA
Posts: 1,886
Default Re: Mysql Remote Access

Thanks again.
__________________
[i7 2600k @4.4ghertz][2x4 GB DDR3 1600][EVGA GTX570 1.280GB SC][EVGA GTX460 physx][Asrock Extreme7 Gen3 Z68][2xSeagate 160 Gb SATA HD raid0][Seagate 250 GB SATA2 HD][Sony Bravia 40' 1080p LCD HDTV][NEC 3520a DVD+-DLw][Windows 7 Ultimate x64][Rosewill 1000w]
fivefeet8 is offline   Reply With Quote
Old 01-23-07, 04:13 PM   #6
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Mysql Remote Access

Quote:
Originally Posted by fivefeet8
Thanks again.
Glad to help
evilghost is offline   Reply With Quote
Old 03-09-07, 04:17 AM   #7
sm0ke
Registered User
 
sm0ke's Avatar
 
Join Date: Oct 2004
Posts: 86
Default Re: Mysql Remote Access

well, this is a bit besides the thread topic, but the default policy should always be DROP, followed by adding ACCEPT rules.
__________________
bow before me for i am root
| P5ND2-SLI | P4D 830 | Sparkle GFX8800GTS | 1GB OCZ VALUE PRO | 21" DELL P1130
sm0ke is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
BUG 302.17 - can not access TTY console legluondunet NVIDIA Linux 9 06-24-12 06:16 PM
How Microsoft and Yahoo are selling politicians access to you News Archived News Items 0 06-12-12 11:10 PM
The Circuit: Cybersecurity, Facebook and kids, special access News Archived News Items 0 06-05-12 09:00 PM
Remote Accelerated GLX and Raster Display Oddity dzzero NVIDIA Linux 2 09-18-02 02:59 PM
Remote rendering???? nVIDIOT@NASA NVIDIA Linux 1 08-16-02 02:00 PM

All times are GMT -5. The time now is 12:30 PM.


Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright 1998 - 2014, nV News.