MySQL Connection and Security

I was wondering if anyone can tell me if there are any potential security flaws that can occur when connecting to a MySQL database that is not located on "localhost", that is, through an IP address?

+3
3 answers

Yes, violations occur without protecting the connection to your database. This is a network issue, not a security question. Thus, this answer depends entirely on the topology of your network.

If a segment of your network is possibly accessible to an attacker, then you must protect yourself with cryptography. For example, you have a malicious person who has compromised a machine on your network, then they can carry out an attack

You should connect to your MySQL database using. This ensures that all transmitted data is protected. You must create self-signed x509 certificates and hard code them. It's free and you don't need a CA such as Verisign. If there is a certificate exception, that indicates a MITM, and thus it keeps you from giving away the password.

Another option is, and it is better suited if you have several daemons that require reliable point-to-point connections.

+6
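The hard-coded certificate setup described in the answer above, as an added configuration example that is not part of the original answer. It assumes the option names of MySQL 5.7.11+ / 8.0; every path, address, host name and account name is a placeholder.

```ini
# Added example; all paths, addresses and names are placeholders.
# Option names are those of MySQL 5.7.11+ / 8.0 (MariaDB uses different ones).

# --- server side: my.cnf ---
[mysqld]
# Listen on one internal address (placeholder), not on every interface.
bind-address             = 10.0.0.5
# Server certificate signed by your own self-signed CA, plus its private key.
ssl_ca                   = /etc/mysql/tls/ca.pem
ssl_cert                 = /etc/mysql/tls/server-cert.pem
ssl_key                  = /etc/mysql/tls/server-key.pem
# Refuse any TCP connection that does not use TLS.
require_secure_transport = ON
# Per account, the SQL equivalent is:
#   ALTER USER 'app'@'10.0.0.%' REQUIRE SSL;

# --- client side, weak: the default behaviour ---
# [client]
# ssl-mode = PREFERRED
# Encrypts when the server offers TLS, but never checks the certificate and
# silently falls back to plaintext, so a man in the middle goes unnoticed.

# --- client side, corrected ---
[client]
host     = db.internal.example
# The CA certificate you generated, shipped with the application ("hard coded").
ssl-ca   = /etc/myapp/tls/ca.pem
# VERIFY_CA fails the connection unless the server certificate chains to ssl-ca.
# VERIFY_IDENTITY additionally checks the host name in the certificate.
ssl-mode = VERIFY_IDENTITY
```

With the corrected client section, a certificate that does not chain to the pinned CA aborts the connection before the client sends its credentials.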

, , , MySQL .

, , (,), .

, MySQL, , .

( ), ( SSL, ). , , , .

+2

, MySQL VLAN . , , geo-ip / , , , , .

SQL- , , , , spoofing arp, , , , , , MySQL - .

If you wish, you can keep it on an encrypted hard drive in a physically secure place together with the switch, so that cutting the power shuts it down and erases the private key; that way, both layer 1 and layer 2 are protected.

Using a static ARP table on the switch, plus filtering that checks static entries against the port, is very easy to do, because the port number is also part of the physical layer.

0

Source: https://habr.com/ru/post/1741128/

