I am developing a Web App which will have millions of users. I am expecting to use MySQL & Microsoft SQL. Is there any issue with doing that?

  • Question

  • I am developing an app that will serve millions of users. Most of the information coming out of the database won't be of any security concern, but there will be some accounts with financial information that I want more secure. For money reasons, I am looking at using MySQL for the majority of the Web app and then when I am using a secure connection for money things, using Microsoft SQL Server. Is there anything wrong with that idea?

    DCSSR

    Wednesday, April 2, 2014 2:15 PM

All replies

  • I don't have any idea about MySQL; however, for MSSQL security and encryption, refer to this link: http://technet.microsoft.com/en-us/library/bb510663.aspx

    Application users do not require database information; it is the developer who needs access to the database, and it will be difficult to control security for developers. Users only access the web interface, therefore it is important that the design of the application be secure and have the right information for the right people.


    Regards, RSingh

    Sunday, April 6, 2014 4:54 AM
  • Hi, your architecture is not clear to me. I see no reason for using both MySQL and SQL Server. There is no problem in securing your MySQL server as well as the SQL Server. By the way, most of the security which should be done has nothing to do with the database server but with the application.

    I highly recommend reading about PCI DSS (you do not need this security, but you can learn from it). I have secured several web applications which use MySQL and got the PCI DSS without any problem. Once you secure your application and it successfully passes the security checks, you get a certificate like this.

    * PCI DSS: Payment Card Industry Data Security Standard

    If you need specific help, please try to ask a specific question and I will be happy to try to help you :-)



    • Edited by pituachMVP Sunday, April 6, 2014 8:38 AM
    • Proposed as answer by Ibrahim Basha Shaik Sunday, April 6, 2014 11:55 AM
    • Marked as answer by DCSSR Wednesday, April 9, 2014 9:41 AM
    Sunday, April 6, 2014 8:34 AM
  • I understand the confusion. I don't want the expense of Microsoft SQL server and was thinking that if I left everything that didn't need to be secure in MySQL, then I could use Microsoft SQL Server free (less than 10 GB) for just billing where security is more of an issue for me.  It might just be me, but I feel more vulnerable using MySQL. Should I not feel that way?

    DCSSR

    Sunday, April 6, 2014 12:45 PM
  • I understand the confusion. I don't want the expense of Microsoft SQL server and was thinking that if I left everything that didn't need to be secure in MySQL, then I could use Microsoft SQL Server free (less than 10 GB) for just billing where security is more of an issue for me.  It might just be me, but I feel more vulnerable using MySQL. Should I not feel that way?

    DCSSR

    This is wrong, and it is not professional to throw recommendations regarding a specific system design while we do not know your system characterization (which is something you cannot post in a forum). What we do here is mostly helping with specific questions, or just throwing comments and general points based on golden rules (rules of thumb). As I wrote before, I see no reason for using both MySQL and SQL Server, and the new information did not change this. :-)

    I cannot tell how you should feel, as I don't know you or your system and, most important, I do not know your developers' knowledge/ability. I can tell you that there is no problem in using MySQL regarding security if you do it in the right way. I can tell you that I would feel great working with MySQL regarding security (but personally I prefer SQL Server).

    * You can think about using NoSQL (as well as MySQL) if you need a free database server, if the size limitation of 10 GB is the problem. You can use a flat database as well for some data.

    * If the problem is using 20 GB, then I will prefer in most cases to use 2 databases of the same type over using 2 different database servers. In this case, where I have to choose between using SQLEXPRESS+MySQL or 2 SQLEXPRESS, I will probably prefer 2 SQL EXPRESS databases (in 2001 I had a system with more than 20k users using several MS-ACCESS as databases... It worked great).

    I hope this is useful :-)



    • Edited by pituachMVP Sunday, April 6, 2014 2:28 PM
    • Proposed as answer by Saeid Hasani Wednesday, April 9, 2014 5:58 AM
    • Marked as answer by Saeid Hasani Wednesday, April 9, 2014 5:59 AM
    Sunday, April 6, 2014 2:26 PM
  • I wasn't intending to recommend that MySQL isn't as safe to use as Microsoft SQL, even though I see that is what it came out as. I spend a lot of time in the medical area and kind of get stuck being a little too conservative. This is for an app with no budget, and so I will probably use MySQL as you are saying would be ok.

    Thanks


    DCSSR

    Sunday, April 6, 2014 2:30 PM
  • You are most welcome :-)
    Just make sure you do need to secure your system regardless of the server you choose, and you have to know how to use the server which was chosen.

    Please close the thread by marking the answers, and you can vote for useful responses here as well as in other threads you read :-)



    • Marked as answer by DCSSR Wednesday, April 9, 2014 9:41 AM
    Sunday, April 6, 2014 8:40 PM