Re: Authentication method for web app

From Ivan Voras
Subject Re: Authentication method for web app
Date
Msg-id AANLkTikJG1nGweGHc6cFa8HbgJH3ED6Sob7ONbyxJvPS@mail.gmail.com
In response to Re: Authentication method for web app  (Leonardo F <m_lists@yahoo.it>)
Responses Re: Authentication method for web app  (Scott Mead <scott.lists@enterprisedb.com>)
List pgsql-general
On 14 May 2010 09:08, Leonardo F <m_lists@yahoo.it> wrote:
>> Personally I would lean toward making the bulk of security within the
>> application so to simplify everything - the database would do what it
>> does best - store and manipulate data - and the application would be the
>> single point of entry. Protect the servers - keep the applications (like
>> ssh, php, apache, your application) updated and make sure you have good
>> and frequent backups.
>
> Thank you for your reply.
>
> Anyone else? How do you "secure" your db used by
> webapps?

Basically what I've said:

1) find all points of entry to the db (i.e. the application), secure them
2) keep the server itself secure (applications patched, firewall
enabled with custom rules to protect the db if necessary, only trusted
local users etc.). If the app and the db are on different servers,
consider a direct (patch cable) link between them or, if the structure
is more complex, a switch; remove them from the Internet, possibly make a
DMZ, etc.
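
Added example, not part of the original message: one way to check point 1 on the PostgreSQL side is to audit `pg_hba.conf` so that the only network entry point is the application host. The address `10.0.0.2`, the function name `audit_hba` and the sample file are assumptions constructed for illustration; quoted fields containing spaces are not handled.

```python
import ipaddress

# Assumption: the web application reaches the database from this one address.
APP_HOST = ipaddress.ip_network("10.0.0.2/32")
# trust = no authentication, password = cleartext, ident = relies on the client host
WEAK_METHODS = {"trust", "password", "ident"}

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def audit_hba(text, allowed=APP_HOST):
    """Return (line_no, reason) for every TCP rule that widens the entry points."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or not fields[0].startswith("host"):
            continue  # blank lines, comments, unix-socket "local" rules
        if len(fields) < 5:
            findings.append((no, "incomplete rule"))
            continue
        addr, method = fields[3], fields[4]
        if "/" not in addr and len(fields) > 5 and _is_ip(fields[4]):
            # "IP-address IP-mask" form: the method is one field further on
            addr, method = f"{addr}/{fields[4]}", fields[5]
        try:
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            findings.append((no, f"address '{addr}' is not an IP range, review by hand"))
        else:
            if not (net.version == allowed.version and net.subnet_of(allowed)):
                findings.append((no, f"allows {net}, beyond the application host"))
        if method in WEAK_METHODS:
            findings.append((no, f"weak auth method '{method}'"))
    return findings

# Constructed sample pg_hba.conf, not taken from the thread.
SAMPLE = """\
# TYPE  DATABASE USER     ADDRESS                 METHOD
local   all      postgres                         peer
host    webapp   webuser  10.0.0.2/32             scram-sha-256
host    all      all      0.0.0.0/0               md5
host    webapp   webuser  10.0.0.0 255.255.255.0  password
host    all      all      192.168.1.0/24          trust
"""

if __name__ == "__main__":
    for line_no, reason in audit_hba(SAMPLE):
        print(f"line {line_no}: {reason}")
```
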
