Security concerns about ODBC con between Access and MariaDB (1 Viewer)

Etxezarreta

Member
Local time
Today, 12:06
Joined
Apr 13, 2020
Messages
135
Hello everyone,
I use an ODBC connection between a Maria DB and and a local Access DB. Every user has got his own local Access, in order to visualize data.
My client seems concerned about this: he wonders how risky is an ODBC connection, and what would be the best way to maximize the security.
He suggests me that it would be a better idea to put the Access DB in a drop box, but I dont even know if that would work..
ECould you please share your experience?
Many thanks in advance.
Etxe.
 

theDBguy

I’m here to help
Staff member
Local time
Today, 03:06
Joined
Oct 29, 2018
Messages
14,539
That depends on what security risk they're trying to mitigate by using Dropbox. Can you ask what is the major concern with the ODBC?
 

isladogs

CID VIP
Local time
Today, 11:06
Joined
Jan 14, 2017
Messages
14,689
I've never used MariaDB though one member of AWF does. You may want to send a PM to @Steve R. if this doesn't alert him.
What I can tell you is that you should never use any form of cloud storage such as Dropbox or One Drive/Google Drive for a working database.
All are fine for sending a database to another user but any form of cloud storage will have a significant risk of causing corruption if used 'live'.
This is likely if there is any interruption in the connection whilst data is written.
 

Steve R.

Retired
Local time
Today, 06:06
Joined
Jul 5, 2006
Messages
2,791
Beyond the standard login, security of each individual database and even the tables can be handled by granting privileges, to the user, to access specific databases and tables. A summary table of granting privileges.

Mariadb Create User

To address your concern more explicitly. If you clicked on the link above, further down there is a section on security. A partial quote is below, but you will need to read further down too.
By default, MariaDB transmits data between the server and clients without encrypting it. This is generally acceptable when the server and client run on the same host or in networks where security is guaranteed through other means. However, in cases where the server and client exist on separate networks or they are in a high-risk network, the lack of encryption does introduce security concerns as a malicious actor could potentially eavesdrop on the traffic as it is sent over the network between them.

To mitigate this concern, MariaDB allows you to encrypt data in transit between the server and clients using the Transport Layer Security (TLS) protocol. TLS was formerly known as Secure Socket Layer (SSL), but strictly speaking the SSL protocol is a predecessor to TLS and, that version of the protocol is now considered insecure. The documentation still uses the term SSL often and for compatibility reasons TLS-related server system and status variables still use the prefix ssl_, but internally, MariaDB only supports its secure successors.

See Secure Connections Overview for more information about how to determine whether your MariaDB server has TLS support.

As a cautionary note. Both MySQL and MariaDB have made "security" revisions over time. Consequently, it is important to be aware of the version number of the database that you are using when searching for answers on the internet that may now be "outdated".
 
Last edited:

Etxezarreta

Member
Local time
Today, 12:06
Joined
Apr 13, 2020
Messages
135
Many thanks DB Guy, Isla and Steve.
I just read the Microsoft documents online to understand how to activate the TLS protocol, , what would be the consequences for the users?
Steve, how difficult is this to implement?
 

Steve R.

Retired
Local time
Today, 06:06
Joined
Jul 5, 2006
Messages
2,791
Many thanks DB Guy, Isla and Steve.
I just read the Microsoft documents online to understand how to activate the TLS protocol, , what would be the consequences for the users?
Steve, how difficult is this to implement?
Can't answer that. I have a simple LAN based MariaDB structure. Ironically, MariaDB does not appear to have a user friendly forum like this one here. :( Maybe @Jon can fill in the void.

You may want to nose around here: The Community. There is a MySQL forum, but I have found it to be worthless.
"Good" answers to questions can be found on the various forums run by the Stack Exchange Network. (Many answers that were valid at the time of posting may now be "obsolete". So one has to be very careful in applying them.) I have developed extreme reluctance to actually posting any questions on those forums. Too many, "You are an idiot, for asking" responses. Basically, to find an answer, like "how to activate the TLS protocol", I do an internet search and then methodically try to narrow the search results down.

PS: I am somewhat overlooking the possibility that there may be an answer (tutorial) to your question that may already exist, but be embedded somewhere deep within the MariaDB website itself.

MariaDB documentation
 
Last edited:

Users who are viewing this thread

Top Bottom