mysql user/pass

pilot830

New Member
YetiShare User
Jan 22, 2014
242
1
0
Let's say my MySQL user and password are

username: mysite
password: 8762gf81fa

and my site has this user/pass plugged into the config file,
and then my file servers also have the same user/pass plugged into their config files.

I was thinking, is this bad?

Would it be better if, for each file server, I put a different MySQL user/pass in the config file, one that still had privileges to the database?

But then it probably wouldn't make things any more secure, because even if you set a different user/pass for each file server config file, the user/pass still needs access/privileges to the database regardless.

I was just thinking of how to increase security.
 

paypal1352

New Member
YetiShare User
Wurlie User
Mar 2, 2012
297
2
0
Set up your firewall to allow access to your DB only from localhost and certain IPs, then add the IPs of your servers, and that should be all you would need to do.
 

sukhman21

Member
YetiShare User
Jan 26, 2015
508
3
18
A firewall is what I use as well, but say someone hacked into your file server: they can make whatever changes to your SQL from there.
I have restricted database access for the users on the file servers, so only my main server is writing stuff to the database and all the file servers have read-only access to my SQL.
Then again, if someone got into my main server, they can have full access to everything, but I have multiple security measures set up on my main server. I see lots of brute-force attacks, but I use Snort and fail2ban and it is working great.
 

enricodias4654

Member
YetiShare User
Jan 13, 2015
411
1
16
sukhman21 said:
> A firewall is what I use as well, but say someone hacked into your file server: they can make whatever changes to your SQL from there.
> I have restricted database access for the users on the file servers, so only my main server is writing stuff to the database and all the file servers have read-only access to my SQL.
> Then again, if someone got into my main server, they can have full access to everything, but I have multiple security measures set up on my main server. I see lots of brute-force attacks, but I use Snort and fail2ban and it is working great.

The file servers also need to write to the DB. The downloads must be logged, the stats, the rewards in the rewards plugin, the download tracker... You can't just prevent them from writing.

If someone gets access to your server, it's over. Having a different MySQL user for the file servers doesn't increase security.
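
The per-file-server accounts debated in the posts above, written out as MySQL statements. This is an added example, not part of the thread and not YetiShare's own setup: the database name `filehost`, the table names `download_log` and `stats`, the account names, the passwords and the IP addresses (documentation ranges) are all hypothetical, and the tables are assumed to exist already.

```sql
-- Added example; every name, table and address below is a hypothetical placeholder.

-- One account per file server, bound to that server's IP, so a credential
-- copied out of one config file is rejected when used from any other host.
CREATE USER 'fs1'@'203.0.113.11' IDENTIFIED BY 'REPLACE_WITH_UNIQUE_PASSWORD_1';
CREATE USER 'fs2'@'203.0.113.12' IDENTIFIED BY 'REPLACE_WITH_UNIQUE_PASSWORD_2';

-- Read access to the application database.
GRANT SELECT ON filehost.* TO 'fs1'@'203.0.113.11';
GRANT SELECT ON filehost.* TO 'fs2'@'203.0.113.12';

-- Write access only on the tables a file server has to record activity in
-- (download logging and stats, as raised in the thread). No DELETE, DROP or
-- ALTER, and no write access to any other table.
GRANT INSERT ON filehost.download_log TO 'fs1'@'203.0.113.11';
GRANT INSERT, UPDATE ON filehost.stats TO 'fs1'@'203.0.113.11';
GRANT INSERT ON filehost.download_log TO 'fs2'@'203.0.113.12';
GRANT INSERT, UPDATE ON filehost.stats TO 'fs2'@'203.0.113.12';

-- The main site keeps its own account, usable only from the database host.
CREATE USER 'mainsite'@'localhost' IDENTIFIED BY 'REPLACE_WITH_UNIQUE_PASSWORD_3';
GRANT SELECT, INSERT, UPDATE, DELETE ON filehost.* TO 'mainsite'@'localhost';

-- Review what an account can actually do.
SHOW GRANTS FOR 'fs1'@'203.0.113.11';

-- If one file server is compromised, cut off only that account
-- (ACCOUNT LOCK needs MySQL 5.7.6+ or MariaDB 10.4.2+; on older servers
-- use DROP USER instead). Sessions that are already open stay open until
-- they are killed, so check SHOW PROCESSLIST afterwards.
ALTER USER 'fs2'@'203.0.113.12' ACCOUNT LOCK;
```

An intruder on a file server can still read what that account can read and write to the two granted tables; the separate accounts limit the damage to those privileges and let one server be cut off without changing the config on the others.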
 

paypal1352

I think with the above, and you can always have a daily SQL backup as a cron job; this is much easier now with the improved sessions, so the DB isn't GBs in size. If someone really wants to get in, I don't see any other way other than brute force, and fail2ban will take care of that, although I think the name's strange; it should be neverfail2ban because it's blocked me several times and it's my server.
 

pilot830

enricodias4654 said:
> If someone gets access to your server, it's over. Having a different MySQL user for the file servers doesn't increase security.

This is basically what I was getting at or wondering. I guess that kinda sucks.
 

sukhman21

Not sure what type of security everyone is using; maybe we can all mention our security software here: I am using Snort, iptables and fail2ban. So far it's working great for me.
 

enricodias4654

sukhman21 said:
> Not sure what type of security everyone is using; maybe we can all mention our security software here: I am using Snort, iptables and fail2ban. So far it's working great for me.

cPanel with spf is pretty secure if you follow their security recommendations.