MySql and security

cyclic

I am considering moving an offline database to my server which is shared. The database has customers' details and stock levels but nothing more commercially sensitive.

I want to do this so my client has access from any of his three branches. Is this a good idea or does it have serious security implications?

bastien

sure, your server might not be up to date with new security patches, there might be holes in your code that can be xploited to allow hackers to access/change data...

you might conisder using only ssl to connect to the database online, using login, passwords, cookies and tracking the IP of the user, logging the user activities, etc

Tracer

I have been trying to do this for some time...My problem however is that while I have a MySQL 4.0.13 server compiled with openssl running on a linux box...The box serving out PHP is on a windows machine...Unfortunately, all windows versions of PHP are compiled against the MySQL 3.x API's so you can't use SSL....

If anyone knows differently, please let me know!