I have two linodes in the newark facility one with apache / php and the other running mysql. The servers both have firewalls with rules to only allow mysql traffic between them on the internal IP addresses.

Is there any need to look at creating a secure connection between the machines so the Mysql traffic is encrypted or do you think the fact that they are using the internal IP addresses makes the system secure enough?

Maybe just being a little paranoid because its an e-commerce application.

You don't control the network, so you should encrypt traffic between your nodes, especially if it's payment data. The only overhead will be a little additional CPU usage, which you presumably have oodles of spare of.

That is kinda what I thought, does any one have any suggestions on the best way to do this?

You should always encrypt your traffic, however I have heard that due to some magic from caker, it's not actually possible for another Linode to listen to packets that are not destined for it (on the internal network).

You should be using web services over HTTPS to transfer data between the servers, not proprietary MySQL protocol.

Linode filters at the data link and network layers, inbound and outbound. It's secure, but you still shouldn't rely on it for stuff like e-commerce payments.

_________________
/ Peter

That is incorrect. Why would you use a web server protocol for a database connection? That makes absolutely no sense. And when did the MySQL protocol become proprietary? Correct me if I'm wrong, but everything about MySQL (excluding the actual commercial MySQL product) is open and open source.

I can't wait to hear the logic behind this one.

Dude, everyone knows that HTTP(S) is the protocol of teh internetz

That's right. Al Gore figured it all out when he was inventing the intertubes.

_________________
/ Peter

Good tiered software design includes separation of the layers. Optimally you want to use a neutral protocol so that you can swap your database server in the data later without any change to the other layers. Otherwise you're locking yourself in to a certain database product.

I would have said, establish an encrypted VPN between the two linodes over the private network. Anything going over that virtual interface can be considered safe.

OpenVPN would probably work?

Or just use MySQL's built in SSL capabilities.

I think you're misunderstanding that architecture. The point is to isolate database access into a dedicated layer, and this is the layer that talks to the database servers. The communication to the database will still use whatever protocol the database wishes, the point is that changing databases only requires swapping out the data access layer.

There's little reason to put the data access layer on the same physical servers as the database software itself. Claiming that HTTPS should be used for database access is silly.

So instead of using an abstract DBI that talks to the database server on a remote host, you're going to have your own "proprietary" (by your own definition) "webservice" to access this data, increasing complexity and adding overhead by adding yet another layer for your application to walk through.

There is nothing wrong with MVC, but when you're doing (MVC)VC, you're going overboard.