Hi all,
we're going to deploy a web app that manages users/roles for another
application.
We want the database to be "safe" from changes made by malicious
users.
I guess our options are:
1) have the db listen only on local connections; basically when the
machine is accessed the db could be "compromised". Hardening the
server access is the only true security defense we have.
2) Use, as user/password, the same user/password used to
enter the web app. Basically there would be a 1 to 1 matching between
our app users (and password...) and the db users (with proper
permissions...)
I'm not a great expert on these things (as you've already guessed...).
Can someone help me?
Thank you
