and if possible, is it a security risk for the password to be flying over the internet?
From what I understand, using MySQL remotely is not allowed for the exact reason of security. For one, it protects Dreamhost from allowing its users to use their services for sites that they don't host. And it also protects YOU so that someone can't crack into your database by finding out your username and password and either changing or deleting your database…
While I don't condone it and I warn you it may have serious repercussions on the security of your database and your site as well as your hosting plan with Dreamhost…
I guess one way around this might be to do the following:
Write a script that takes in an SQL string via POST or GET and executes it and dumps the result to the page. (extremely unsafe)
Put the script in a folder protected by username/password via .htaccess / .htpasswd
Then on the remote site you could write a script that parses the HTML link to the script, aka you would have the script open the website like http://username:firstname.lastname@example.org/script.cgi?sqlquery='select something from something'
Once you do that you can parse the results into a variable and you're at square one as if you had just queried the DB from the local site…
Cool, but I guess I should first find out if this is legal, I'll ask support. Thanks
Security implications notwithstanding, this is legal and completely possible and I have done it myself. In addition to technologies supported by Dreamhost, I also do some stuff with Cold Fusion. My friend set me up with some space, but his CF host uses SQL Server and/or Access which didn't particularly appeal to me.
He created a datasource for me that refers to my MySQL database and host name on DH. In my CF code I invoke the datasource which connects from that server to my database on Dreamhost. It works fine, but the username and password have to be present in the connection string. The only other task was to configure the MySQL database on DH to accept connections from the remote server this code is hosted on.
While this is in code that renders server-side, and connects to a database that has non-critical data for testing, there is a possibility of someone seeing connection info if the CF page blows up. That wasn’t the point of the OP’s question though.
You do need to explicitly open access for a user from an IP address. (you can do a range of addresses but that just seems too scary to me)
See the Goodies/Manage MySQL page and select a username. You can then specify the IP addresses that are allowed to connect.
There ARE security issues and big DB usage can get you in BIG trouble and get you bounced. So, know what you’re doing and be sure that you’re willing to risk your hosting.
You can also use a server host name with wildcards, since most of the time you’re working with dynamic IPs on shared hosting.
To reiterate the security risks involved, I don’t recommend doing anything with any sort of sensitivity at all. My database only holds data that I serve up to a webservice, and none of it is risky to show publicly.
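Added example, not part of the thread or of Dreamhost's tooling: the replies above mention allowing a single IP, an IP range, or a wildcard host name for a remote MySQL user, and this Python sketch audits a list of `user@host` entries and flags the patterns that admit more than one client. The account names and addresses are constructed sample data, and the risk labels are this example's own convention.

```python
import ipaddress

# Constructed (user, host) pairs in the form MySQL stores them; not from the thread.
SAMPLE_ACCOUNTS = [
    ("webapp", "203.0.113.25"),
    ("webapp", "203.0.113.%"),
    ("report", "%.example.net"),
    ("legacy", "%"),
    ("batch", "198.51.100.0/255.255.255.0"),
    ("local", "localhost"),
]

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def classify_host(host):
    """Return (risk, reason) for one MySQL account host pattern."""
    if host in LOCAL_HOSTS:
        return ("ok", "local connections only")
    if host in ("", "%"):
        return ("high", "matches every client host")
    try:
        ipaddress.ip_address(host)
        return ("ok", "single address")
    except ValueError:
        pass
    if "/" in host:
        # MySQL accepts base_ip/netmask; ip_network parses that notation too.
        try:
            net = ipaddress.ip_network(host, strict=False)
        except ValueError:
            return ("high", "unparseable range, review by hand")
        return ("medium", f"address range of {net.num_addresses} hosts")
    if "%" in host or "_" in host:
        # '%' and '_' are wildcards in MySQL host values.
        rest = host.replace("%", "").replace("_", "").strip(".")
        if rest.replace(".", "").isdigit():
            return ("medium", "wildcard over part of an IP address")
        return ("medium", "hostname wildcard, depends on DNS resolution")
    return ("ok", "single named host")


def audit(accounts):
    """Return (user, host, risk, reason) for every entry that is not 'ok'."""
    rows = [(u, h) + classify_host(h) for u, h in accounts]
    return [r for r in rows if r[2] != "ok"]


if __name__ == "__main__":
    for user, host, risk, reason in audit(SAMPLE_ACCOUNTS):
        print(f"{risk:6} {user}@{host}: {reason}")
```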