This is not a question for the insecure. Get it? HAHAHHA!

*shuts up*

Sorry.

Actually, I do have a question:

I am running mysql on a Windows XP machine behind a firewall, and only the web server with the php pages can access it.

How secure is this? What I mean is, is it REASONABLY possible that someone can get through my firewall and access my databases? Or would they first have to hack into the web server, and from there get into the mysql server?

Please DO NOT speculate how someone could go about this, as I am sure the moderators would not appreciate it. I am looking for a response that has to do with the probablity of being hacked/secureness of my set up...

Thanks!

While I don't even pretend to be a sercurity expert, I'm quite certain that the only way to access your database would indeed be to hack the web server. How hard/easy that would be would depend on the setup, I'm sure.

Note: If other people have access to this server (ie. you offer hosting) that will make it much easier for people to hack...

This helps. Just to clarify, I take it that you mean that because the database server is behind a firewall, it is pretty much safe.

I kind of figured that was the case. The web server is very secure.

Anyhoo, thanks once again, pyro-man! You are, as we afficonados say, "On the f*cking ball!"

Props, and all that crap.

Glad I could help, though as I stated earlier, that was just an educated guess...

if you are using windows xp instead of using a firewall use tcp ip filtering and only allow incoming connections to port 80 and dont allow any udp connections. tcp ip filtering is a lot more secure then most software firewalls which can be dos easily or bypassed pretty easily.

I am actually using both xp and a firewall, but I like your idea.

Now comes the cool part, by which I mean, of course, the uncool part:

I do not know how to do this. Is this a function of XP? Can you point me in the right direction?

Thanks!

I'm not an expert at security either, but have been hacked a few times (yes I hate it). However I am much the wiser for it.
First if you are using XP's built in firewall you are already using tcp/ip filtering...in fact this is the way that most firewalls work. But if you want to check the ports go right click your Local Area Connection icon go to properties. Use the Advanced tab, now click the settings button and that shows you which ports are blocked etc. If you are using the default the likely hood is that all of them are blocked (incoming).
Second don't take anyone's word for your data's safety. Always be on the lookout. Sounds paranoid...I know, but it works. So with that in mind check out (often) MS Knowledgebase about the firewall. (Esp. if you update ipv6 there seems to be some issues with their firewall).
Hope that helps, and hasn't bored you to death or made you :rolleyes: .

Not at all - extremely helpful!

Thank you!

Although I am using an external firewall, I will check the XP settings too!

Thanks!

Well, an external firewall is usually a lot better then the windows xp firewall.
When I set up networks for clients I usually use an external firewall. It's alot easier to control overall. Not to mention the consumer firewalls that you buy right off the shelf at like Circuit City, Best Buy, etc. are getting much much better.
Alot of these are using opensource projects such as iptables (http://www.netfilter.org/).
But that's good. I really don't like XP's firewall all that well. It's almost like a last thought. Unlike Linux (most distros) already have the firewall activated in the kernel. And contrary to popular belief (I say this because most of the people I work with believe this) my linux boxes are the most secure that I have on the network.:D

OH and warning!! If you have an external firewall and activate XP's firewall you may block all of your traffic. In other words not be able to go anywhere online.