• If our database is part of a project inside the company for a product in the
early stages of development, we might not want the salespeople, for example,
finding out about it until it is ready.
• At the very least, when we connect to the server remotely, we must always
do so securely using SSH or an encrypted tunnel. And if we don't know how
to do so, we need to learn right away.
Internet security
The last ring is the outside world, that is, the Internet. Generally speaking, we
never want to expose our MariaDB database server directly to the Internet. It's not that
MariaDB is especially vulnerable, any more than any other piece of software; it's just
that it's almost never necessary to expose it to the Internet, and part of good security
is to not expose something unless we have to (in the same way that a poker player
doesn't want to reveal his hand to the other players, or the rest of the world). When
MariaDB is running on a web server, the web server software can connect directly, with
no need for a network connection. If our MariaDB server is separate from our web
server, then we can almost always connect the two of them together over our internal
network, and if not, we can set up some sort of secure tunnel between the two.
If you do think you've found a legitimate reason to expose your
MariaDB server to the entire Internet, I strongly encourage you to talk
with one of the many fine MariaDB consulting companies and have
them help you work out an alternative solution.
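The three placements described above (same host, internal network, open to everything) show up in the server's option file as `skip-networking` and `bind-address`. The following is an added example, not code from the book: a small Python audit that reads option-file text and reports how far the TCP listener reaches. The sample configurations are constructed, `!include` directives are not followed, and an unset `bind-address` is treated as listening on all addresses, which is the server's documented default.

```python
import ipaddress

# Option groups the server reads (assumption: 'mariadbd' applies to newer releases)
SERVER_GROUPS = {"mysqld", "mariadb", "mariadbd", "server"}

def server_options(cnf_text):
    """Collect server-group options; a later setting overrides an earlier one."""
    opts, group = {}, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line[0] in ";!":          # !include lines are not followed
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
        elif group in SERVER_GROUPS:
            key, sep, value = line.partition("=")
            # '-' and '_' are interchangeable in option names
            key = key.strip().lower().replace("_", "-")
            opts[key] = value.strip().strip("'\"") if sep else None
    return opts

def classify_listener(cnf_text):
    """Return how far the server's TCP listener reaches, per the config text."""
    opts = server_options(cnf_text)
    if "skip-networking" in opts and (opts["skip-networking"] or "1").lower() in ("1", "on", "true"):
        return "socket-only"                     # same-host web server, no network at all
    addr = opts.get("bind-address") or "*"       # unset: listens on all addresses
    if addr.lower() == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "all-interfaces" if addr == "*" else "review"  # hostname or list
    if ip.is_unspecified:                        # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    return "internal" if ip.is_private else "public"

# Constructed sample configurations
SAMPLES = {
    "same-host": "[mysqld]\nskip-networking\nsocket=/run/mysqld/mysqld.sock\n",
    "separate":  "[client]\nport=3306\n[mysqld]\nbind_address = 10.0.5.12  # internal NIC\n",
    "wide-open": "[mysqld]\nbind-address = 0.0.0.0\n",
    "default":   "[mysqld]\ndatadir=/var/lib/mysql\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:10} -> {classify_listener(text)}")
```

A result of `all-interfaces` or `public` means the only thing between the server and the outside world is whatever firewall sits in front of it.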
Summary
In this chapter, we learned a bit about how to secure our MariaDB server. Security is
a big topic, and cannot possibly be covered completely in a single chapter. There are
many resources, both online and offline, to help you learn more about this important
topic. But don't limit yourself to topics or articles about securing MariaDB or other
databases; also take the time to learn about system, network, and physical security.
That said, the most secure safe in the world is one with no doors, windows, or other
openings of any kind, but it's not a very useful safe if you can't access it when
you need to. So in the next chapter, MariaDB User Account Management, we'll make
our currently secure MariaDB server a bit more useful by adding user accounts and
learning how to manage them.
 