Re: Authentication method for web app

From Ivan Voras
Subject Re: Authentication method for web app
Date
Msg-id hsgic3$279$1@dough.gmane.org
In reply to Authentication method for web app  (Leonardo F <m_lists@yahoo.it>)
Responses Re: Authentication method for web app  (Leonardo F <m_lists@yahoo.it>)
List pgsql-general
On 05/13/10 09:21, Leonardo F wrote:
> Hi all,
>
>
> we're going to deploy a web app that manages users/roles for another
> application.
>
> We want the database to be "safe" from changes made by malicious
> users.
>
> I guess our options are:
>
> 1) have the db listen only on local connections; basically when the
> machine is accessed the db could be "compromised". Hardening the
> server access is the only true security defense we have.
>
> 2) Use, as user/password, the same user/password used to
> enter the web app. Basically there would be a 1 to 1 matching between
> our app users (and password...) and the db users (with proper
> permissions...)
>
> I'm not a great expert on these things (as you've already guessed...).
>
> Can someone help me?

As you already figured out, the key is protecting both the application
and the db server from intrusions. If anyone gets unauthorized access to
either of them, especially if it's root access, any and all security you
build on top of that will in all likelihood collapse.

Personally I would lean toward making the bulk of security within the
application so as to simplify everything - the database would do what it
does best - store and manipulate data - and the application would be the
single point of entry. Protect the servers - keep the applications (like
ssh, php, apache, your application) updated and make sure you have good
and frequent backups.
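As an added illustration of the second option in the question (a database role per application user, with limited permissions), not code from either poster: a PostgreSQL role layout in which a NOLOGIN group role carries the least-privilege grants and each application user gets a login role that inherits them, so the database still limits what a session can do if the application is compromised. The table, sequence and role names are assumptions.

```sql
-- Added example: one database role per application user, with grants
-- held by a shared group role. Object and role names are assumptions.

-- By default every role may create objects in "public"; take that away.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Group role carrying the application's least-privilege grants.
-- NOLOGIN: nobody connects as the group directly.
CREATE ROLE app_user NOLOGIN;
GRANT USAGE ON SCHEMA public TO app_user;
GRANT SELECT, INSERT, UPDATE ON TABLE accounts TO app_user;
GRANT USAGE ON SEQUENCE accounts_id_seq TO app_user;
-- Deliberately absent: DELETE, TRUNCATE, any DDL, other tables.

-- One login role per application user; each inherits only the group grants.
-- Passwords are placeholders to be replaced at deployment.
CREATE ROLE alice LOGIN PASSWORD 'placeholder-change-me' IN ROLE app_user;
CREATE ROLE bob   LOGIN PASSWORD 'placeholder-change-me' IN ROLE app_user;

-- Login roles must never own the tables: an owner bypasses GRANT checks.
ALTER TABLE accounts OWNER TO postgres;

-- Check from an administrative session that the layout is what was intended.
SELECT rolname,
       has_table_privilege(rolname, 'accounts', 'SELECT') AS can_select,
       has_table_privilege(rolname, 'accounts', 'DELETE') AS can_delete,
       rolsuper,
       rolcreatedb
FROM   pg_roles
WHERE  rolname IN ('alice', 'bob');
```

If can_delete, rolsuper or rolcreatedb comes back true for either login role, the grants are wider than this layout intends and should be revoked before the application goes live.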

