Best practice for ONLY allowing MySQL access to a server?
- by Calvin Froedge
Here's the use case:
I have a SaaS system that was built (dev environment) on a single box. I've moved everything to a cloud environment running Ubuntu 10.10. One server runs the application, the other runs the database. The basic idea is that the server that runs the database should only be accessible by the application and the administrator's machine, both of which have the correct RSA keys.
My question:
Would it be better practice to use a firewall to block access to ALL ports except MySQL, or skip firewall / iptables and just disable all other services / ports completely? Furthermore, should I run MySQL on a non-standard port? This database will hold quite sensitive information and I want to make sure I'm doing everything possible to properly safeguard it.
Thanks in advance. I've been reading here for a while but this is the first question that I've asked. I'll try to answer some as well = )