I'm needing to synchronise two mysql databases between different servers on a regular basis, by a client-initiated interface. I've been doing it by remote MYSQL connection, and adding the IP of the servers to the whitelist for MYSQL remote connections. Problem is however, that the client has a dynamic IP, so as soon as it changes they can no longer sync.
So I'm trying to find an alternative way of synchronising the two databases via some sort of secure php script.
edit: I should make this a bit clearer. I've got a server (WAMP) running on a PC (Win7) the database of which I need to synchronize (both ways) to an online server. I've been doing it via remote MySQL connect, which I'd like to avoid because of dynamic IPs, and also because the local WAMP server connects to different internet connections (being a laptop) and needs to not be restricted to one IP.
However you want to synchronize the databases (replication, a PHP script, etc.), the best way to secure it would be to either use an IPSec/VPN or SSH tunnel to encrypt all the communication between the two servers. Then you'd just open a regular mysql or http connection through the tunnel.
Using either method, you'll have access to a variety of authentication modes. So you could use a pre-shared key or username/password authentication or both.
You can use an SSH client like PuTTY to initiate an SSH tunnel on a Windows systems. Or if you google IPSec and XAuth, you should be able to find some guides on how to set up an authenticated IPSec VPN.
Related
I have a MySQL server installed on an Nginx server on Debian 8.
The production page on the server, say example.com has SSL installed in it.
This MySQL server will be used along with PHP to set and retrive data.
Now I am confused whether to add SSL for the connection between client and MySQL server? What is the best practice?
If the traffic runs through app to MySQL locally, your traffic is secure (as long as your linux server is secure).
You don't need ssl for MySQL to app if the app only accesses MySQL locally.
You need ssl if anyone will be accessing MySQL remotely or if your app server is remote.
You will need to worry about those two things the most.
Transport Security. Does MySQL traffic ever leave your local network? If so, is it encrypted during transmission? If you are doing everything locally, then you have nothing to worry about. If your database connection goes across internet, make sure to use SSL.
System Security. Is your MySQL server accessible from internet? Does it need to be? If not, just add rule into iptables to block all incoming traffic to 3306 that's not from localhost. Also make sure that you are using strong SSH passwords and implement fail2ban, or allow key based authentication only.
SSL is good to help protect your clients. Sniffing packets may be thwarted by SSL. For example, if someone does a credit transaction, the credit card data would not be in plain view, as the data moved between the client to the server. However, SSL is not a way to protected your SQL resources, which is backend between the web serer and SQL database server. You need to run "mysql_secure_installation" for a mysql database, and design you PHP code to prevent SQL injection issues, for example. So, yes, SSL is very important to protect your clients, but other design factors are needed to protect your backend server assets.
I want to connect to a remote database from my localhost, but the remote DB only allows connections from whitelisted IPs.
Since I'm on a dynamic IP from my ISP, I can't have my home IP whitelisted, because it will just change again.
I have a VPS with full root access and a fixed IP, which is whitelisted.
What I want is to:
Run a php script from my local machine
Connect to the remote database via my VPS
Get the query results back to my local machine for handling
How do I do this?
Having a PHP proxy to execute arbitrary SQL statements from any IP address is really dangerous. I would suggest you abstract the SQL statements into an API, so rather than allowing any query through, you limit it to a specific set of queries to retrieve or update specific data. Your local machine could then just call that API to retrieve or update information.
The key problem you need to solve is finding a host with a static IP address you can add to the whitelist. You say that you have already solved that problem. However you have not mentioned what OS is running on the vps nor the client. If both are Linux, then you can do this with just iptables. If either or both are mswindows then you could use socat, but if it were me, I'd go with a stunnel link between the client and proxy (although if the whitelist on the server is only applied to the mysql connection, you could terminate the stunnel connection on the server and skip the proxy altogether) using client certificate authentication or an SSH tunnel.
apparently my hosting provider does not support Remote MySQL Usage as it says in its Knowledge Base even though i bought a premium package
remote MySQL connections are disabled for security and performance reasons. You can only connect to MySQL from your PHP scripts hosted on our servers.
is there any way i can make an API so that i can connect to my MySQL Remotely ?. i need to use the Database in my Host Account as a source of information for my Android Application. thanks
You should look into using something like a HTTP Tunnel.
This post outlines a method of doing this for Android.
Basically you connect through this tunnel which is placed on your server, and can the communicate with the server as if you were localhost.
SSH is also another option, although you'll need remote SSH access enabled by your host. That's normally something you'll have to specifically request for them to enable.
You would then create an SSH tunnel using a technique like this and then use that as your connection for your database. Once you've initiated the connection you would then query it as normal.
There are possibilities here.
Your hosting provider may have allowed access of the database only
on certain IP(s) on certain PORTS. In this case, you cannot access
the database even if you write API's because the connection is not
open to the IP/PORT through which you are accessing through.
The database admin can also block access to certain table(s) or
database(s) for certain users.
I have a webserver which support MSSQL only. I need to install WordPress on the server. Thus I wonder if it is possible to use a distinct server for MySQL. I already tried it, but got error Error establishing a database connection.
So there are a couple of questions:
In theory, is it possible to install wordpress using a server for php and another for mysql?
Is it possible that the server providers have security restrictions so that any of the two wouldn't allow connection from the other?
Are there free server providers dedicated to MySQL? Could you please recommend (a preferably lightweight one) ?
Yes, you can use one server for your web server and another for your database. When you are configuring WordPress you would supply the hostname (or IP address) for the database server instead of localhost. This is a common set up that allows you to scale the two servers independently.
Your MySQL server will have to be configured to allow network connections. You'll also want to configure a firewall to only allow connections from your web server(s).
Amazon will host MySQL for you in the cloud, so will EngineYard. Google for "Hosted MySQL" for more results.
I need consume two services from two differente providers.
I need connect with one SOAP server (WSDL), this code works correctly, the server required use SSL, but the problem is, in the same application, we need connect against another server who uses VPN and XML over HTTP, how can make this works correctly.
How separate this two ways of connection
Configure your network properly. This is nothing that PHP can influence. All PHP can do is connect via the network to a target server using HTTP or HTTPS. So if the server can ping and connect to both services on the command line (try to download the WSDL or any other resource with wget or curl), it will work.
If not, you have to find out how the servers are to be called (domain names), which IP they have, if the domain name properly resolved to these IPs, and if that IP is actually reachable by network (using a VPN does not really make a difference, it simply is another network connection).
Unfortunately going into these network details is probably beyond the scope of an answer here.