Security problems with mysql?

Mathias Nilsson
Ranch Hand

Joined: Aug 21, 2004
Posts: 367
Hi!

We have opened port 3306 so that applets can access the MySQL server. Are there any security issues to be aware of? Is there any problem with letting the port be open?

// Mathias


SCJP1.4
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42599
One big security risk is letting someone from the outside send unchecked SQL into a DB. That's why applets almost never use JDBC, and even less so over a public network. I take it that only properly authenticated users can run the applet? Even if that's the case, use only stored procedures (that also perform parameter checking), and don't give the MySQL account used by the applet rights to issue raw SQL (like INSERT, UPDATE, DELETE).

That's just general advice. I'm not familiar enough with MySQL to speak about its security history.


Ping & DNS - my free Android networking tools app
Mathias Nilsson
Ranch Hand

Joined: Aug 21, 2004
Posts: 367
Can I use SSH with the applet?
I have established an SSH connection but the applet won't go through the tunnel. Do you know why?

// Mathias
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42599
SSH is for shell access, i.e. mostly terminal sessions. JDBC wouldn't know what to do with it.

Most databases support access through SSL-encrypted sockets instead of raw sockets, although I'm not sure if MySQL does. That might be worth looking into.
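
Added example, not part of either poster's reply: the stored-procedure and restricted-account advice from the earlier answer, together with the encrypted-connection suggestion above, written as MySQL statements. The schema, table, procedure and account names and the password are placeholders chosen for illustration, and it assumes MySQL 5.7 or later (for `SIGNAL` and `CREATE USER ... REQUIRE SSL`) run from the `mysql` command-line client.

```sql
-- Hypothetical schema; all names below are illustrative placeholders.
CREATE DATABASE IF NOT EXISTS appdb;
USE appdb;

CREATE TABLE IF NOT EXISTS scores (
  id     INT AUTO_INCREMENT PRIMARY KEY,
  player VARCHAR(32) NOT NULL,
  points INT NOT NULL
);

DELIMITER //
-- Runs with the definer's rights, so the caller needs no table privileges.
CREATE PROCEDURE add_score(IN p_player VARCHAR(32), IN p_points INT)
SQL SECURITY DEFINER
BEGIN
  -- Parameter checking inside the procedure: reject anything unexpected.
  IF p_player IS NULL OR p_player NOT REGEXP '^[A-Za-z0-9_]{1,32}$' THEN
    SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'invalid player name';
  END IF;
  IF p_points IS NULL OR p_points < 0 OR p_points > 100000 THEN
    SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'points out of range';
  END IF;
  INSERT INTO scores (player, points) VALUES (p_player, p_points);
END//
DELIMITER ;

-- Account used by the client: connections must be encrypted, and the only
-- privilege is EXECUTE on the one procedure (no INSERT/UPDATE/DELETE/SELECT).
CREATE USER 'applet'@'%' IDENTIFIED BY 'CHANGE_ME_PLACEHOLDER' REQUIRE SSL;
GRANT EXECUTE ON PROCEDURE appdb.add_score TO 'applet'@'%';

-- Verify: the output should list USAGE plus the single EXECUTE grant.
SHOW GRANTS FOR 'applet'@'%';
```

With these grants, a raw `INSERT INTO appdb.scores ...` sent over the same connection is refused by the server, while `CALL appdb.add_score('alice', 10)` succeeds.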
Mathias Nilsson
Ranch Hand

Joined: Aug 21, 2004
Posts: 367
Thanks!

I'll look into SSL. Is there any way to get JDBC to talk through SSH?

// Mathias
 