[Typo3] Seperate BE database connection

Michael Stucki michael at typo3.org
Wed Jun 8 20:58:01 CEST 2005 

Hi Suman,

> Sorry, late answer.

Me too :-)

> Was not in the loop for a while. Also, sorry again for 
> the seemingly rude response last time. However, if you would have given me
> some reasons why this would not be so secure or pointed me towards any
> resource, it would have been much more helpful to me.

Agreed. Sorry for that.

> A bit more (useless?) background:
> Many times while presenting a solution to the client we have to conform
> with the clients' existing overall security policies. These policies may
> or may not make sense in our context.

I know that situation from big companies:
Version 3 is more secure but only 2 was validated, so you must use this one.

A considerable alternative: Tell them you use version 2 but use version 3 to
have you life a little easier ;-)

> But we have to implement them nevertheless (the price of coexisting in a
> heterogenous environment I guess ;-)) The solution of keeping the FE and
> BE access seperate (and on different physical servers) was one of such
> requirements of the client.

This is too tricky I think, and it would be much easier to allow BE logins
only from a specified subnet!

> Not finding anything concrete/relevant in the documentation and the
> previous posts, I finally approached the list. When I finally hit upon the
> idea of having the same MySQL login but from different IPs, I posted the
> same as an answer to my own post. However, I would very much like to hear
> about the potential pitfalls of this approach. It will help us in
> explaining the same and educating the client/s in the future. :-) 

I don't think that there are any pitfalls except that it's just a lot of
work and I don't see any need for this.

Seriously. If anybody could store content although he's not logged into the
BE then we definitively would have a big problem .

A nice side effect of this would be that timtaw wouldn't be needed
anymore... ;-)

Regards, michael
-- 
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/

More information about the TYPO3-english mailing list