Mysql – Connecting MySQL database remotely on a hosting provider secure

javaMySQL

My JavaFX Desktop Application is currently connected to a hosted MySQL database remotely on bluehost. I query "SELECT", "UPDATE", "DELETE" on my JavaFX Application and successfully done.

My question is. Is this approach secure?

I am using JDBC driver to connect through it.

DriverManager.getConnection("jdbc:mysql://mysql_ip_on_bluehost_here:3306/my_db", dbUser, dbPass);

Best Answer

No it isn't secure. From a sysadmin point of view: both your credentials as well as all data will be transmitted unencrypted.

Although MySQL does support transport layer security (SSL/TLS) it isn't enabled by default and after setting up server support you'll need to explicitly instruct the client to use it as well.

Typically that would result in something along the lines of:

DriverManager.getConnection("jdbc:mysql://mysql_ip_on_bluehost_here:3306/my_db?useSSL=true", dbUser, dbPass)

An alternative would be something like IPSec that provides security on the IP layer rather than the application layer.

From a DBA point of view @M_dk made a good point that allowing direct SQL UPDATE and DELETE statements are not desirable and stored procedures are much better from a security perspective.

Related Solutions

Mysql – Cannot connect to MySQL over TCP locally – Connection Timeout – Ubuntu 9.04

are you absolutely sure the is no iptables rule preventing tcp/3306 traffic? try this as temporary workaround:

iptables -I INPUT -p tcp --dport 3306 -i lo -j ACCEPT
iptables -A OUTPUT -p tcp --sport 3306 -o lo -j ACCEPT

or maybe your NAT rules to a little bit more than you expect them to do?

ok - your loopback is not only down, but does not have 127.0.0.1 bound to it. add to /etc/network/interfaces:

auto lo
iface lo inet loopback

and.. why on earth did you bound it to vnet0? remove it from there.

quick one-time cmd line fix:

ip a d 127.0.0.1/32 dev venet0
ip a a 127.0.0.1/32 dev lo
ip link set dev lo up

Mysql – master-slave-slave replication: master will become bottleneck for writes

There is no one-size-fits-all answer to scaling MySQL. A few general tips:

Scale "diagonally" as long as you can, ie. keep things on a single MySQL server as long as you're still able to run on commodity hardware. That probably means 2 x quad-core CPUs, 64+ GB RAM, 8 disk RAID 10 -- or higher. The upper end of what is "commodity hardware" is getting faster each year.
Have a look at Brad Fitzpatrick's presentations about scaling LiveJournal. They're pretty much classics as far as scaling LAMP goes. On page 25 - 26 of this presentation you see the problem you will eventually face with MySQL replication: The writes consume all available disk I/O.
Read "High Performance MySQL". It's a really good book by authors who have seen many high-load MySQL installations.
Avoid sharding (spreading data over many MySQL servers) as long as possible. When you start sharding, you give up most benefits of relational databases, and you slow down development. If you have to do sharding, consider using a NoSQL datastore with a built-in multi server model instead -- fx Riak, Cassandra, HBase, MongoDB. Ideally, do "functional partitioning" between MySQL and NoSQL, so that you keep using MySQL for lesser hot data that fits well into an RDBMS, and you use the NoSQL engine for 'hot' data you don't need to join with the MySQL data.

maybe mysql cluster? if so, are there any pitfalls or limitations in switching the database to ndb?

In "Web Operations" there is a chapter on MySQL by Baron Schwartz. He pretty much justs says "No!" to using MySQL Cluster / NDB in a website environment. Quote: ".. it doesn't perform well for joins and GROUP BY queries, and web applications need those.".

Best Answer

Related Solutions

Mysql – Cannot connect to MySQL over TCP locally – Connection Timeout – Ubuntu 9.04

Mysql – master-slave-slave replication: master will become bottleneck for writes

Related Topic