I write a lot of VB.NET Windows desktop applications that communicate centrally to MySQL servers. All of the desktop applications use the official MySQL connectors and all users in the system are set to REQUIRE SSL. I've got permissions on databases, tables, and columns very locked down. So all remote connections are encrypted, very secure passwords, etc. This has all worked very well, I see great results in providing a strong database backend to my Windows applications.
After the recent vulnerability found in MySQL, which doesn't appear to affect BSD systems, it's got me thinking more about security. Are there other approaches for connecting into the central MySQL server other than directly to it via the Internet? Does anyone have positive or negative things to say about this approach? Clearly I understand the security implications and the need for encryption and strong passwords and permissions, but I'm open to looking at this requirement in a different light.
It's possible what I'm doing is just fine so long that I'm paying very close attention to security advisories, and maintaining strong security practices both on the server side and the client side.
Thanks for any thoughts you can contribute!
After the recent vulnerability found in MySQL, which doesn't appear to affect BSD systems, it's got me thinking more about security. Are there other approaches for connecting into the central MySQL server other than directly to it via the Internet? Does anyone have positive or negative things to say about this approach? Clearly I understand the security implications and the need for encryption and strong passwords and permissions, but I'm open to looking at this requirement in a different light.
It's possible what I'm doing is just fine so long that I'm paying very close attention to security advisories, and maintaining strong security practices both on the server side and the client side.
Thanks for any thoughts you can contribute!