Forum > Databases
Connecting to remote MySQL database via SSH
MarkMLl:
--- Quote from: rvk on March 15, 2023, 03:39:33 pm ---On the other hand, if you only use SSH to a certain user which has absolutely no rights other than tunneling a connection (so not even a login), you might be more secure. There are ways to harden the security of SSH used only for tunneling. But you still expose all possible ports, although that's also the case with VPN. So if you want to go the SSH route, look into that. Otherwise, use VPN (but make sure both are secured).
--- End quote ---
I agree, and as soon as the Internet lowlives see something that looks like a login port they'll start hammering it. It's possible to start messing around with non-standard ports, port knocking and so on but all of these have their downsides.
If MySQL doesn't offer a secure connection mechanism then switch to something that does like PostgreSQL.
MarkMLl
rvk:
Of course don't expose PostgreSQL to the internet either.
It also had vulnerabilities in the past and it isn't certain it won't in the future.
MarkMLl:
--- Quote from: rvk on March 16, 2023, 10:49:53 am ---Of course don't expose PostgreSQL to the internet either.
It also had vulnerabilities in the past and it isn't certain it won't in the future.
--- End quote ---
But it *does* have TLS as a standard connection method, and clients can be filtered by IP address etc.
Let's face it, /no/ server is 100% safe, and that includes standard web servers etc. But generally speaking you're better off starting with something which has secure protocols etc. "baked in" rather than "tacked on".
MarkMLl
Navigation
[0] Message Index
[*] Previous page