MySQL database in different server: good or bad?

notset

Hello,

i'm creating e-commercial website. Many similliar sites like my have received DDos attacks, so i'm thinking about some smart "system protection", that if my site is offline, the system, which requires hourly database updates, would work fine.
So, in my opinion, the best way is to host database, cron jobs and one script (update.php) in different server.
The question would be, if is it good to use mysql database which is not in the localhost? How about the time? Would it work much slower or not?

Thank's for comments.

ragedigital

notset wrote:
Many similliar sites like my have received DDos attacks

What site doesn't get attacked. It's a risk that everyone takes in "e-commerce".

The real question is - how well do you understand server protection? If you would rather not deal with it, then let someone who does take care of it for you.

Speed - it all really depends on the connections to the server as well as the client's service. Plus, your programming can have a big effect - so program smart.

Depending on how large your company is, and how much time and money you are willing to spend on upgrades and defense mechanisms will ultimately answer your question. I run several sites with online Data Centers that are not my own...

Good luck!

MarkR

defending against serious DDoS attacks is not something you can do cheaply. If someone attacks you seriously, you have no option but:

Give up and close your site
Hire a hugely expensive content delivery network to set up worldwide load balanced web-front ends for you. This won't be cheap.

By a major DDoS I mean one which causes your hosting provider's upstream bandwidth to become saturated.

You can't handle this type of attack at the application level, it can only realistically be handled by throwing enough money at the problem.

Of course a DDoS atack will probably reduce the load on your server to zero, as legitimate traffic won't be able to get on, so your hourly scripts will run perfectly.

It really depends what kind of DDoS- lame ones (e.g. ones which don't use IP spoofing) can be defended against with existing stateful firewall products which IP blacklist nasty clients.

Mark