Federated engine in MySql

Gordon Burditt

2010-10-31 00:38:50 UTC

Post by ANF
I have no background in php or MySql but I'm learning quickly because this
There are two servers using MySqL. I have the remote ip connection data
for one server but not for the 2nd server. I have been refused these
details for the 2nd server on the grounds that it is a security issue.

Unless the security issue is that you may not access that database
*from the webserver* (or anything in the DMZ) as distinguished from
*at all*, it's pretty much game over. Abandon project, or set up
a separate registration system on your website. Nobody will be
able to answer your question without knowing what the security
concern is and what access requests will be granted.

Post by ANF
Users of content on my website, register (username and password) on the
2nd server.

Register *how*? Do I presume correctly that there is a second web
server which has connection data for and access to the second MySQL
server? Is it possible to have the first web server ask the second
web server to check the login credentials? (First web server sends
HTTP request to second one and gets answer. Seriously consider
this; it may be the only way to do what you want given existing
security restrictions). Incidentally, I wouldn't set this up without
asking for explicit permission from the operator of the second web
server. Doing this is a great way to get your server banned for
apparent password-cracking attempts. If you both work for the same
employer, it may be a good way to get fired.

Is it possible to have the first web server ask the user's browser
to ask the second web server for this protected content, instead
of putting it on the first web server?

Post by ANF
The first server contains content that requires login (same
username/password stored on the other server database). In effect the
databases have to link. I did think of storing a table with
authentication details on the first server - i.e. a copy of the
registration table on the second server.

What makes you think you will be granted access to this? It's going
to be an *OUT OF DATE* copy (even if it's only 10 minutes out of
date. It will foul up for a while after a user changes his password).

Post by ANF
Thus authentication takes place
directly. However, I've been told it is not a good idea to have two
tables with the same info for the same purpose in php.

Normally, if you are refused access to something for security
reasons, you should be refused access to copies of that something
also for the same reason.

Post by ANF
MySql provide a
'federated engine' solution for cross server access but I don't think that
applies here as quieries (it seems to me) are only one way. Am I wrong
about this? Does the federated engine present a possible solution? Any
ideas would be most welcome. ANF

Guess what information the federated engine requires to access the
2nd MySQL server that you have already been refused access to? (If
it's an issue of where the query is coming from: your web server
is in the DMZ and the two MySQL servers aren't, this might be a
solution. However, you've still been refused access to login
credentials for the 2nd MySQL server).

If you can query the first MySQL server which queries the second
MySQL server to do a password validation, this should work. However,
you should be refused permission to set that up.