Need help on a project, setting up mysql database

  • Lysanda
  • Born
  • Born
  • Lysanda
  • Posts: 2

Post 3+ Months Ago

Hi, I am a newbie

I am currently working on a project, and I need major help!
Can you tell me what I need to solve this problem?

The organisation that I am working for has a customer registration form,
using PHP to put the data in the web server database.

However, due to security reasons the organisation wants to set up their own local MySQL database (on their own local PC computer, 24 hours connected to the internet)

What do I need to move from the web hosting MySQL database to
the local MySQL database?

Any help is greatly appreciated.
  • Daemonguy
  • Moderator
  • Web Master
  • User avatar
  • Posts: 2700
  • Loc: Somewhere outside the box in Sarasota, FL.

Post 3+ Months Ago

OK, let me see if I have this right.

You run/manage this company's site, which is primarily coded in php for access to a mysql db you also presently maintain. Additionally, they, said company, would prefer to have you manage the front end and middleware, but retain said back end db at their location?

So they want to long-haul db requests across the open internet with not so much as a VPN between? Are they mad? For "security concerns", they will open up db query access through their perimeter into a local machine?

Wow.

That has to be (nearly) the most ridiculous thing I have heard.

PHP gives you the option to connect to any mysql location you wish, just change the hostname.

Wow.
  • Casey
  • Graduate
  • Graduate
  • User avatar
  • Posts: 124
  • Loc: Iowa

Post 3+ Months Ago

I agree. Running a mysql database on another host is a fantastic idea as far as security and performance are concerned, but if they're not at the same location it is utterly foolish.

I'd recommend keeping them on the same machine if you can't keep them in the same location.

Besides, if you are really worried about security, you can probably pay someone to analyze the scripts. Most pages are pretty safe unless the coder doesn't know what he/she is doing.
  • placid psychosis
  • Proficient
  • Proficient
  • User avatar
  • Posts: 284
  • Loc: Warsaw, IN

Post 3+ Months Ago

Eh, off-site database isn't too bad if you wrap it with SSL. Your biggest concern there is sniffing out the queries and data.

You also would want to write your code to be more defensive, and verify data and check connection status more often. There is a lot that can go wrong with an off-site connection. A call to mysql_ping() is probably a good idea before any queries are run to ensure the line is still up.

But generally it's a bad idea. If you must remove the database from the Web server, I wouldn't remove it from the server's internal subnet. If the end result is still a server exposed to the 'net, it's not more secure. Ideally you'd want to disable TCP/IP networking on the database and connect solely with sockets on the localhost.
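
An added example, not part of the post above or of anyone's code in this thread: a Python check of a `[mysqld]` config for the settings that post raises (TCP/IP networking disabled with `skip-networking`, where `bind-address` listens, and whether `require_secure_transport` forces TLS). The sample configs are constructed and `audit_mysqld` is a hypothetical helper name.

```python
import configparser
import ipaddress

# Constructed sample [mysqld] sections (not from the thread).
OFFICE_PC_CNF = "[mysqld]\nbind-address = 0.0.0.0\nport = 3306\n"
SOCKET_ONLY_CNF = "[mysqld]\nskip-networking\nsocket = /var/run/mysqld/mysqld.sock\n"
SUBNET_TLS_CNF = "[mysqld]\nbind_address = 10.0.0.5\nrequire_secure_transport = ON\n"

RANK = ["socket-only", "loopback", "private-subnet", "all-interfaces-or-public"]


def _classify(addr):
    """Map one bind-address value to an exposure level."""
    if addr in ("*", "0.0.0.0", "::"):
        return RANK[3]
    if addr == "localhost":
        return RANK[1]
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return RANK[3]          # unknown hostname: assume the worst
    if ip.is_loopback:
        return RANK[1]
    return RANK[2] if ip.is_private else RANK[3]


def audit_mysqld(cnf_text):
    """Return (exposure, findings) for [mysqld]; include files are not followed."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None)
    cp.optionxform = lambda k: k.lower().replace("-", "_")  # '-' and '_' are equivalent
    cp.read_string(cnf_text)
    opts = dict(cp["mysqld"]) if cp.has_section("mysqld") else {}

    def flag(name):
        # A bare flag such as "skip-networking" parses with value None.
        return name in opts and (opts[name] or "").lower() in ("", "1", "on", "true")

    if flag("skip_networking"):
        return "socket-only", []
    # Assumption: with no bind-address the server listens on all interfaces.
    addrs = (opts.get("bind_address") or "*").split(",")
    exposure = max((_classify(a.strip()) for a in addrs), key=RANK.index)
    findings = []
    if exposure == RANK[3]:
        findings.append("listens on all interfaces or a public address")
    if exposure in RANK[2:] and not flag("require_secure_transport"):
        findings.append("remote clients can connect without TLS")
    return exposure, findings
```
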
  • Uncensored-Hosting
  • Proficient
  • Proficient
  • User avatar
  • Posts: 383
  • Loc: Los Angeles

Post 3+ Months Ago

Lysanda:

How is the local PC being secured? Why do they think that this would be more secure than leaving the data on the webserver?

Lysanda wrote:
However, due to security reasons the organisation wants to set up their own local MySQL database (on their own local PC computer, 24 hours connected to the internet)

  • Daemonguy
  • Moderator
  • Web Master
  • User avatar
  • Posts: 2700
  • Loc: Somewhere outside the box in Sarasota, FL.

Post 3+ Months Ago

placid psychosis wrote:
Eh, off-site database isn't too bad if you wrap it with SSL. Your biggest concern there is sniffing out the queries and data.


I disagree; your largest impediment would be IO (default timeouts, replication woes, etc.).

There's a reason why large-scale enterprise solutions involve back-end VPNs for site to site transfer, replication and data mining -- speed and efficiency.

Most people tend to keep their data sources several zones removed from the open Internet -- and wisely so. So, an effective policy states demarcation between zones, with ssl termination. Tearing up and breaking down multiple ssl connections seems haphazard and kludgy, not to mention a god-awful hack.

IMHO. :)
  • placid psychosis
  • Proficient
  • Proficient
  • User avatar
  • Posts: 284
  • Loc: Warsaw, IN

Post 3+ Months Ago

Yes, I was talking about why you'd want to use SSL, not the general problem of having it off-site. I was just pointing out the security aspect, as that's the motivation behind this thread. But yes, I/O and connection issues are a HUGE part of it, too.
  • Lysanda
  • Born
  • Born
  • Lysanda
  • Posts: 2

Post 3+ Months Ago

Hi,
thank you guys.
I had a talk with one of the networkers; he said the organisation is currently with Optus, and to change to the local database
we need some sort of static IP address for the local PC (database).

So here is how it goes:
the user inputs some data into a web form --> the web form is submitted to the web host, which supports PHP; then in the PHP script we just change the domain name to the IP address, which should allow the data to be transferred to the local PC (database) rather than the web server database.

Yeah, in terms of security I don't know much about that either.
I will try to talk to the security guy to see why they chose to change the database,
but there are a few other reasons why they want to change it:
- the first is security
- the second is that the data is growing, and they don't want to pay the web host for more database space

By the way, they also want users to upload pictures, and they want to save the pictures to their local PC as well.

I don't know a lot about SSL, but yeah, I think we are planning to use that as well; there are 5 other team members within the project.

I am just the newbie guy, so yeah, I just wait and learn :)
thx again
  • Uncensored-Hosting
  • Proficient
  • Proficient
  • User avatar
  • Posts: 383
  • Loc: Los Angeles

Post 3+ Months Ago

Lysanda:

I have no idea where you are hosting this database or proposing to host the same. However, if the disk space required is cost prohibitive then I strongly suggest they/you find another provider. As previously stated, the security of the database will be degraded, not improved, by such a transition.



Lysanda wrote:
Yeah, in terms of security I don't know much about that either.
I will try to talk to the security guy to see why they chose to change the database,
but there are a few other reasons why they want to change it:
- the first is security
- the second is that the data is growing, and they don't want to pay the web host for more database space

By the way, they also want users to upload pictures, and they want to save the pictures to their local PC as well.

I don't know a lot about SSL, but yeah, I think we are planning to use that as well; there are 5 other team members within the project.

I am just the newbie guy, so yeah, I just wait and learn :)
thx again
  • Daemonguy
  • Moderator
  • Web Master
  • User avatar
  • Posts: 2700
  • Loc: Somewhere outside the box in Sarasota, FL.

Post 3+ Months Ago

You know, there's an old adage; "Keep your friends close and your databases closer."

Well, ok, perhaps not. ;)

Here's another issue, as I see it. (Again, YMMV, and I could be not following you).
You say they want to host the db on a local PC, as in, in the local office?

Lord. That opens up a whole other can of worms. Hosting centers have large pipes, that is a lot of bandwidth for which to serve a site. Typically, office LANs are limited and rarely use more than 100Mbps connections, and use minimal routing technology (certainly not to the scale of a hosting center). Forget for a moment that offices typically do not have redundant hardware and you are now creating a soft, single point of failure...you are also utilizing the same bandwidth that other organizational members require for daily use.
I won't even go into the security ramifications of having a db, used to serve content across the open Internet forwarded through to a local LAN?!

That makes the aforementioned scenario even more ridiculous -- if that was at all possible.

There are countless reasons why that is a 'bad idea'(TM), but it seems pointless to list them.

Take my advice; hire a consultant, because this is destined for failure in so many ways, you do not want to be in front of the firing squad. ;)

Cheers.
  • Casey
  • Graduate
  • Graduate
  • User avatar
  • Posts: 124
  • Loc: Iowa

Post 3+ Months Ago

Quote:
Keep your friends close and your databases closer


LOL!!!! Maybe I'm just a geek, but that's funny! True too...

Post Information

  • Total Posts in this topic: 11 posts

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.