Myself, testing a MySQL/MariaDB database server environment in a VPS.
So the web app is together with the database.
For the desktop app I used an SSL connection to MySQL.
To protect a VPS you need expert knowledge. (For testing there exist free online services.)
JSON, XML, object serialization between server & client.
Making web apps (to use on the phone) is a little bit tricky because of network connection, sessions, app restarts, SSL certificate.
For geolocation on an Android phone in the Chrome browser SSL is mandatory.
[quote]Your authentication and your data transfer is completely unencrypted so everybody in between can read everything in cleartext.[/quote] I do not agree if you use SSL.
Why do you fear open ports? There is SSL and certificates; nobody will see login data or transfer data.
If web app + database is on the same server, where is the problem?
If the desktop app uses SSL, where is the problem?
I agree that open ports can be misused and the software behind them can crash if it would let everything connect.
The biggest security risk is the installed open source software with these "endless" dependencies, especially on Linux.
First, you mean TLS, not SSL. Second, this is not secure either. Every proxy server or man in the middle can put himself in between because in 99.9% of cases neither MySQL/MariaDB nor your app is checking the certs and the hosts. In enterprise networks with Deep Packet Inspection firewalls this is sometimes mandatory. You may use your favourite search engine for words like fragrouter, dnsspoof, webmitm, ssldump or urlsnarf if you want to play around with MITM methods.
Interesting statement, so why are you using the open source MariaDB, OpenSSL libs and SSH then?
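The point about a TLS connection that never checks the certificate or the host name, illustrated with a small config audit and a hardened connection config. This is an added example, not code from the thread; it assumes the keyword names of mysql-connector-python (ssl_ca, ssl_verify_cert, ssl_verify_identity, ssl_disabled, ssl_cert, ssl_key), and the host and file paths are constructed placeholders.

```python
"""Audit and harden the TLS settings of a MySQL/MariaDB client connection.

Assumes mysql-connector-python keyword names (ssl_ca, ssl_verify_cert,
ssl_verify_identity, ssl_disabled, ssl_cert, ssl_key); other drivers spell
them differently. The sample configs at the bottom are constructed.
"""


def audit_tls(cfg: dict) -> list[str]:
    """Return the reasons a connection config can be intercepted in transit."""
    findings = []
    if cfg.get("ssl_disabled", False):
        return ["TLS disabled: login and queries travel in cleartext"]
    if not cfg.get("ssl_ca"):
        findings.append("no ssl_ca: no trust anchor to validate the server cert")
    if not cfg.get("ssl_verify_cert", False):
        findings.append("ssl_verify_cert off: any cert, e.g. a proxy's, is accepted")
    if not cfg.get("ssl_verify_identity", False):
        findings.append("ssl_verify_identity off: a valid cert for another host passes")
    return findings


def hardened_config(host, user, password, ca_path, client_cert=None, client_key=None):
    """Connection kwargs that pin a CA and check both the cert chain and the host name."""
    cfg = {
        "host": host, "user": user, "password": password,
        "ssl_ca": ca_path,               # CA that issued the server certificate
        "ssl_verify_cert": True,         # chain must validate against ssl_ca
        "ssl_verify_identity": True,     # host name must match the cert's SAN/CN
    }
    if client_cert and client_key:       # mutual TLS: the server also checks the client
        cfg["ssl_cert"] = client_cert
        cfg["ssl_key"] = client_key
    return cfg


# Constructed examples: "encrypted" but unverified, and the hardened version.
WEAK = {"host": "db.example.test", "user": "app", "password": "secret"}
STRONG = hardened_config("db.example.test", "app", "secret", "/etc/ssl/db-ca.pem")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit_tls(cfg) or ["ok"])
```

The WEAK dict is what most client code looks like: the driver may negotiate TLS, but without a CA and the two verify flags any certificate presented by a proxy is accepted.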
"Man in the middle": all the admin people that are working at ionos, for example? Or Mr. Zuckerberg.
Typically both devices need a certificate to trust each other.
Means for TLS you need an authentication with certificate. (The link above with SSL enabled should do it.)
Because it's free.
Just be aware of "sudo"; same for Windows if you install something with admin permissions.
Better read the licenses for them, as they are NOT free for commercial use.
If you want a database that is truly free for any use, use PostgreSQL.
And do NOT expose your DB directly to the internet.
Put some service in between, as then the service has to be hacked first.
And that service can do a better job of hiding what DB is used.
That information alone can be used to hack the DB itself, as there are known vulnerabilities for most of them.