Best practice for ONLY allowing MySQL access to a server?
Posted by Calvin Froedge on Server Fault
Published on 2010-12-29T00:39:57Z
Indexed on 2010/12/29 0:55 UTC
Here's the use case:
I have a SaaS system that was built (dev environment) on a single box. I've moved everything to a cloud environment running Ubuntu 10.10. One server runs the application, the other runs the database. The basic idea is that the server that runs the database should only be accessible by the application and the administrator's machine, both of which have the correct RSA keys.
My question:
Would it be better practice to use a firewall to block access to ALL ports except MySQL, or skip firewall / iptables and just disable all other services / ports completely? Furthermore, should I run MySQL on a non-standard port? This database will hold quite sensitive information and I want to make sure I'm doing everything possible to properly safeguard it.
Thanks in advance. I've been reading here for a while but this is the first question that I've asked. I'll try to answer some as well = )
© Server Fault or respective owner