Re: denyhosts-like app for MySQLd?
- From: Jordi Espasa Clofent <jordi.espasa@xxxxxxxxxxx>
- Date: Wed, 23 Jan 2008 22:34:10 +0100
I know it's not easy. but depending on your customers, you may have some chances!
- if they can buy a license for sqlyog, it will support sql tunnels directly (otherwise, you need an external tunnel, which you can setup with putty or whatever).
This option is, simply, impossible. We cannot "force" the final customers to adquire any kind of product.
- it should not be hard to use an ssl tunnel (stunnel or whatever)
Mmmmm.... it means easier than ssh-tunneling (from customers pint of view). I have to investigate this method carefully.
- you might be able to ask what IPs are supposed to get there. even if it's not precise, this could reduce risks by only allowing few networks.
Yes. We already have done it, but the related problem is a lot of customers don't have static IPs.
This is generally consider "security by obscurity". I don't think so. This is making it harder for an attacker to get there without being noticed. while a script kiddie can run his script to try a stand port, if he wants to get inside a "local" port, he'll need to try many ports and for each port try the right protocol. This gives us time to get him.
Jordi Espasa Clofent
freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Prev by Date: Re: denyhosts-like app for MySQLd?
- Previous by thread: Re: denyhosts-like app for MySQLd?
- Next by thread: Re: [fbsd] denyhosts-like app for MySQLd?