
Security problems with mysql?

 
Mathias Nilsson
Ranch Hand
Posts: 367
Hi!

We have opened the port 3306 so that applets can access the mysql server. Are there any security issues to be aware of? Is there any problem with letting the port be open?

// Mathias
 
Ulf Dittmer
Rancher
Posts: 42972
One big security risk is letting someone from the outside send unchecked SQL into a DB. That's why applets almost never use JDBC, and even less so over a public network. I take it that only properly authenticated users can run the applet? Even if that's the case, use only stored procedures (that also perform parameter checking), and don't give the MySQL account used by the applet rights to issue raw SQL (like INSERT, UPDATE, DELETE).

That's just general advice. I'm not familiar enough with MySQL to speak about its security history.
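
The restriction suggested in the post above, as an added example that is not part of the original thread: the account the applet connects with gets EXECUTE on one parameter-checking stored procedure and no table privileges. The `shop` schema, `orders` table, `add_order` procedure and `applet` account are hypothetical names, and the script assumes a MySQL version with `SIGNAL` (5.5 or later) run from the `mysql` command-line client.

```sql
-- Constructed example: all schema, table, procedure and account names are hypothetical.
CREATE DATABASE IF NOT EXISTS shop;
USE shop;

CREATE TABLE IF NOT EXISTS orders (
    id          INT AUTO_INCREMENT PRIMARY KEY,
    customer_id INT         NOT NULL,
    item_code   VARCHAR(16) NOT NULL,
    quantity    INT         NOT NULL
);

-- DELIMITER is a mysql client command, needed so the body's semicolons
-- are not treated as the end of CREATE PROCEDURE.
DELIMITER //
CREATE PROCEDURE add_order(
    IN p_customer_id INT,
    IN p_item_code   VARCHAR(16),
    IN p_quantity    INT
)
    SQL SECURITY DEFINER  -- runs with the definer's rights, not the caller's
BEGIN
    -- Parameter checking happens inside the database, so it cannot be
    -- bypassed by a modified client.
    IF p_customer_id IS NULL OR p_customer_id <= 0 THEN
        SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'invalid customer id';
    END IF;
    IF p_item_code IS NULL OR p_item_code NOT REGEXP '^[A-Za-z0-9-]{1,16}$' THEN
        SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'invalid item code';
    END IF;
    IF p_quantity IS NULL OR p_quantity NOT BETWEEN 1 AND 100 THEN
        SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'invalid quantity';
    END IF;

    INSERT INTO orders (customer_id, item_code, quantity)
    VALUES (p_customer_id, p_item_code, p_quantity);
END //
DELIMITER ;

-- The applet's account: no SELECT/INSERT/UPDATE/DELETE on any table,
-- only the right to call the one procedure.
CREATE USER 'applet'@'%' IDENTIFIED BY '<placeholder-password>';
GRANT EXECUTE ON PROCEDURE shop.add_order TO 'applet'@'%';

-- Verify: the output should list USAGE and the single EXECUTE grant, nothing else.
SHOW GRANTS FOR 'applet'@'%';
```

With this in place, a raw `INSERT INTO shop.orders ...` sent over the `applet` connection is rejected with an access-denied error, while `CALL shop.add_order(1, 'AB-100', 2)` succeeds.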
 
Mathias Nilsson
Ranch Hand
Posts: 367
Can I use SSH with the applet?
I have established an SSH connection but the applet won't go through the tunnel. Do you know why?

// Mathias
 
Ulf Dittmer
Rancher
Posts: 42972
SSH is for shell access, i.e. mostly terminal sessions. JDBC wouldn't know what to do with it.

Most databases support access through SSL-encrypted sockets instead of raw sockets, although I'm not sure if MySQL does. That might be worth looking into.
 
Mathias Nilsson
Ranch Hand
Posts: 367
Thanks!

I'll look into SSL. Is there any way to get JDBC to talk through SSH?

// Mathias
 