Security Best Practice
As part of your security best practices, your ecommerce database server should not be accessible remotely (across the internet or WAN). For example, assuming standard ports, your firewall should block port 1521 for Oracle and port 3306 for MySQL.
There is no need for customers to access your database directly. Applications running locally on the box should access the DB on behalf of the customer.
Secure Remote DB Access by Developers and DBA via PuttySSH Tunnels
While standard ports are blocked, it may still be necessary for Developers and DBAs to access the DB server remotely and do so securely if they have SSH access to the remote server.
PuttySSH Configuration
The following shows PuttySSH configuration setup to use SSH Tunnel or port forwarding to create a seemingly local access securely to Oracle and MySQL DB servers running on a remote host.
1. Run Putty.exe to bring up the config dialog:
Sqldeveloper Remote Database Local Access Configuration
1. In Sqldeveloper, Right-click on Connections, Select New Connection as shown
Additional Info:
If you do not see or cannot select MySQL tab in Step 3 above, it is most likely because you have not integrated a suitable MySQL connector with your Sqldeveloper installation. You can easily resolve this issue - you can add MySQL connection to your Sqldeveloper installation by following straightforward instructions compiled earlier by MySQL DBA in Installing and Configuring Oracle SQL Developer with MySQL
As part of your security best practices, your ecommerce database server should not be accessible remotely (across the internet or WAN). For example, assuming standard ports, your firewall should block port 1521 for Oracle and port 3306 for MySQL.
There is no need for customers to access your database directly. Applications running locally on the box should access the DB on behalf of the customer.
Secure Remote DB Access by Developers and DBA via PuttySSH Tunnels
While standard ports are blocked, it may still be necessary for Developers and DBAs to access the DB server remotely and do so securely if they have SSH access to the remote server.
PuttySSH Configuration
The following shows PuttySSH configuration setup to use SSH Tunnel or port forwarding to create a seemingly local access securely to Oracle and MySQL DB servers running on a remote host.
1. Run Putty.exe to bring up the config dialog:
2. Select Tunnel
3. Oracle Tunnel setup: For source port enter 127.0.0.1:1521 and for Destination enter 127.0.0.1:1521
Enable Local radio button and Click Add
Enable Local radio button and Click Add
4. MySQL Tunnel setup: For source port enter 127.0.0.1:3306 and for Destination enter 127.0.0.1:3306 then Enable Local radio button.
5. Click Add
6. Select Session on the left pane. In Host Name or IP address enter the IP address of the remote server where both the Oracle and MySQL servers are running. Port is 22 for SSH. Name this session Oracley-MySQL-Tunnel1
Click Save. Then Click Open
Click Save. Then Click Open
7. Login to the remote DB server with valid credentials to start the Oracle and MySQL secure tunneling. Once logged in, you will be ready for "local" secure tunneled-access to the Databases with your applications provided they are configured to make use of the local access.
Next section will show sample application e.g. Sqldeveloper setup to access the remote databases locally.
Sqldeveloper Remote Database Local Access Configuration
1. In Sqldeveloper, Right-click on Connections, Select New Connection as shown
2.For Oracle, select Oracle tab. Enter Username/Password, Hostname and Port.
Most important is to note and be sure that we are now using localhost (or 127.0.0.1) as the hostname instead of the Oracle DB remote server's hostname or IP address. This is the point of tunneling, that we set up earlier, allowing us to connect and access the remote DB as if tt was running locally.Test the connection by clicking on Test button and you should see Status : Success (lower left side) as shown provided the PuttySSH tunnel window that you started earlier is still active.
3.The setup for MySQL connection is similar. Click on the MySQL tab and enter connection parameters.
Again, using the SSH tunel set up earlier, note the use of localhost (or 127.0.0.1) as the Hostname instead of the MySQL DB remote server's hostname or IP address. Test the connection successfully and Save it.
Additional Info:
If you do not see or cannot select MySQL tab in Step 3 above, it is most likely because you have not integrated a suitable MySQL connector with your Sqldeveloper installation. You can easily resolve this issue - you can add MySQL connection to your Sqldeveloper installation by following straightforward instructions compiled earlier by MySQL DBA in Installing and Configuring Oracle SQL Developer with MySQL
I am not a DBA but a developer so I don't have direct access to the database server. I get only rpd & ssh access when I connect from the home, this is a problem when I use official laptop at home as I don't have access to the database. I do have a dedicated desktop at work, is there a way to setup tunneling so that I connect to my database from my laptop at home via my desktop without physically logging into the desktop?
ReplyDeleteThank you! This is great :)
ReplyDeleteARINET DBA Services is a Chicago, IL based association set up in 2013. Uniting over 100+ years of consolidated contribution in giving quality Oracle database Support organizations to American associations, we've given the assorted alternatives about remote dba aces, remote dba associations, remote dba strengthen, remote database, prophet remote, dba remote, database affiliation, prophet dba fortify, Oracle sponsorship and Oracle Consultants.
ReplyDeletethis doc helped me. thanks a lot.
ReplyDelete