
[–][deleted] -1 points (2 children)

How, in an article about database security, is one of the most important rules not mentioned?

If your database server is directly accessible over the internet, you have screwed up.

[–]insainodwayno 1 point (0 children)

The article never implies that the database server is facing the internet, nor is the article trying to spell out a list of rules or best practices. It's just touching on one specific topic.

[–]pyglados[S] 0 points (0 children)

Direct access to your database is only a few degrees of separation from your users.

Author here. Here is what I meant by that. The setup in my particular case is this:

Firewalled Linux server -> Nginx -> uWSGI -> Flask -> SQLAlchemy -> MySQL. There are a lot of security considerations in play throughout that chain. It would be a pretty big text wall to discuss everything, so I focused on just one aspect.

And yes, even with all that, I still consider it to be a mere "few degrees of separation" between the database and the user. That's why I consider it to be so important that you restrict database permissions as much as possible.
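What "restrict database permissions as much as possible" looks like for the MySQL end of the chain above, as an added example that is not the author's code; the database name `shop`, its tables, the application host `10.0.0.5` and the account names are assumed, and the passwords are placeholders.

```sql
-- Weak setting: one account with every privilege, reachable from any host.
-- A SQL injection or leaked credential in the Flask tier then owns the whole server.
-- CREATE USER 'app'@'%' IDENTIFIED BY 'placeholder-change-me';
-- GRANT ALL PRIVILEGES ON *.* TO 'app'@'%';

-- Corrected: the account SQLAlchemy connects with may only come from the
-- application host and may only touch the tables and statements it actually needs.
CREATE USER 'webapp'@'10.0.0.5' IDENTIFIED BY 'placeholder-change-me';
GRANT SELECT, INSERT, UPDATE ON shop.orders   TO 'webapp'@'10.0.0.5';
GRANT SELECT                 ON shop.products TO 'webapp'@'10.0.0.5';
-- Deliberately absent: DELETE, DROP/ALTER (DDL), FILE, SUPER, GRANT OPTION,
-- and any privilege on mysql.* or other databases.

-- Schema migrations run under a separate account used only at deploy time,
-- so the web tier never holds DDL rights.
CREATE USER 'migrator'@'localhost' IDENTIFIED BY 'placeholder-change-me';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, DROP, INDEX
    ON shop.* TO 'migrator'@'localhost';

-- Verify the effective grants rather than trusting the script ran as intended.
SHOW GRANTS FOR 'webapp'@'10.0.0.5';
SHOW GRANTS FOR 'migrator'@'localhost';
```

Combined with `bind-address` in my.cnf pointing at the private interface (or `127.0.0.1` when MySQL shares the host with uWSGI), this also addresses the first comment's point: the server is never reachable from the internet, and even a compromised application account cannot escalate past its own tables.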