Re: denyhosts-like app for MySQLd?
> I know it's not easy. but depending on your customers, you may have some
> chances!
> - if they can buy a license for sqlyog, it will support sql tunnels
> directly (otherwise, you need an external tunnel, which you can setup
> with putty or whatever).
This option is, simply, impossible. We cannot "force" the final
customers to adquire any kind of product.
> - it should not be hard to use an ssl tunnel (stunnel or whatever)
Mmmmm.... it means easier than ssh-tunneling (from customers pint of
view). I have to investigate this method carefully.
> - you might be able to ask what IPs are supposed to get there. even if
> it's not precise, this could reduce risks by only allowing few networks.
Yes. We already have done it, but the related problem is a lot of
customers don't have static IPs.
> This is generally consider "security by obscurity". I don't think so.
> This is making it harder for an attacker to get there without being
> noticed. while a script kiddie can run his script to try a stand port,
> if he wants to get inside a "local" port, he'll need to try many ports
> and for each port try the right protocol. This gives us time to get him.
;)
--
Thanks,
Jordi Espasa Clofent
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 15 之 15 篇):