Security problems with mysql?

Mathias Nilsson
Ranch Hand

Joined: Aug 21, 2004
Posts: 367
Hi!

We have opened the port 3306 so that applets can access the MySQL server. Are there any security issues to be aware of? Is there any problem with letting the port be open?

// Mathias


SCJP1.4
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41125
One big security risk is letting someone from the outside send unchecked SQL into a DB. That's why applets almost never use JDBC, and even less so over a public network. I take it that only properly authenticated users can run the applet? Even if that's the case, use only stored procedures (that also perform parameter checking), and don't give the MySQL account used by the applet rights to issue raw SQL (like INSERT, UPDATE, DELETE).

That's just general advice. I'm not familiar enough with MySQL to speak about its security history.


Ping & DNS - my free Android networking tools app
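
The advice in the reply above, sketched for MySQL as an added example that is not part of the original thread: an account that may only call a parameter-checking stored procedure and holds no INSERT, UPDATE or DELETE rights. The schema, table, procedure, account name and password are hypothetical, and SIGNAL assumes MySQL 5.5 or later.

```sql
-- Constructed example: all object and account names are hypothetical.
CREATE DATABASE IF NOT EXISTS shop;
USE shop;

CREATE TABLE IF NOT EXISTS orders (
    id          INT AUTO_INCREMENT PRIMARY KEY,
    customer_id INT NOT NULL,
    quantity    INT NOT NULL,
    created_at  TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

DELIMITER //

-- Runs with the definer's rights (the MySQL default, stated explicitly),
-- so the caller needs no privileges on the table itself.
CREATE PROCEDURE add_order(IN p_customer_id INT, IN p_quantity INT)
    SQL SECURITY DEFINER
BEGIN
    -- Parameter checking happens on the server, where the client cannot skip it.
    IF p_customer_id IS NULL OR p_customer_id <= 0 THEN
        SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'invalid customer id';
    END IF;
    IF p_quantity IS NULL OR p_quantity NOT BETWEEN 1 AND 100 THEN
        SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'quantity out of range';
    END IF;

    -- Typed parameters are bound as values, never concatenated into SQL text.
    INSERT INTO orders (customer_id, quantity)
    VALUES (p_customer_id, p_quantity);
END //

DELIMITER ;

-- Account used by the applet: EXECUTE on this one procedure and nothing else.
CREATE USER 'applet_user'@'%' IDENTIFIED BY 'replace-with-a-real-secret';
GRANT EXECUTE ON PROCEDURE shop.add_order TO 'applet_user'@'%';

-- Review what the account can actually do before exposing the port.
SHOW GRANTS FOR 'applet_user'@'%';
```

With these grants the account can run `CALL shop.add_order(...)` but has no privilege to issue INSERT, UPDATE or DELETE against `shop.orders` directly.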
Mathias Nilsson
Ranch Hand

Joined: Aug 21, 2004
Posts: 367
Can I use SSH with the applet?
I have established an SSH connection but the applet won't go through the tunnel. Do you know why?

// Mathias
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41125
SSH is for shell access, i.e. mostly terminal sessions. JDBC wouldn't know what to do with it.

Most databases support access through SSL-encrypted sockets instead of raw sockets, although I'm not sure if MySQL does. That might be worth looking into.
Mathias Nilsson
Ranch Hand

Joined: Aug 21, 2004
Posts: 367
Thanks!

I'll look into SSL. Is there any way to get JDBC to talk through SSH?

// Mathias
 