Adding a forum: share the existing database or create a new one?

Posted on 2024-11-02 18:20:27

My site has a MySQL database with about 50 tables. I work hard to make it as safe and secure as possible.

Per our development plan, we will be adding a forum in the not too distant future.

I'm unsure about whether it is better to have the forum in its own database, or to insert all its tables into our existing database. I've listed the pros and cons of both approaches below as I understand them, and would appreciate some advice from those more knowledgeable and experienced than I, which is nearly all of you :-)

Merged into Existing Database

Pros

  • integrating forum data into existing site is easier (example: using forum thread tags to match threads to site pages and automatically display links to relevant discussions)
  • can merge existing users table into forum so users need not re-register to begin using the forum
  • all-in-one backups

Cons

  • I've instantly added a huge amount of new code, some of which has database access, and all of which is a much higher profile target for shenanigans, meaning my original database is now placed at much more risk of attack
  • updating the forum software will be more hands-on, as it will not be a straight database flop

Separate Databases for Forum and Main Site

Pros

  • easy install, testing, upgrade, tear down of forum
  • forum database security holes don't place my main site at risk (and vice-versa)

Cons

  • integration into existing site requires querying two databases at once. I suspect this would be fairly more difficult to program.
  • users would have to re-register on the forum
  • backing up 2 databases rather than one (this is a minor con, but it is a con)

Your thoughts? :-)

Comments (3)

哆啦不做梦 2024-11-09 18:20:27

Querying from 2 databases:

select db1.a.field1, db2.b.field2 from db1.a
inner join db2.b on (db1.a.id = db2.b.id);

Just make sure your connect string has access to both databases.
And both databases need to be on the same machine.

影子是时光的心 2024-11-09 18:20:27

The approach that has proven itself for me is:

  1. Install the forum as a separate system
  2. Write a thin layer to share login (if both use open id or something similar, be happy)
  3. As time goes on, I slowly and carefully merge the two systems where it makes sense; usually it does not. I love to share data between the two databases using views.

缘字诀 2024-11-09 18:20:27

Merged into Existing Database

Pros

  1. Integrating forum data into existing site is easier .. [nope. from a coding perspective there isn't any difference between running a query on one database versus another. Also, your queries themselves can cross databases.]

  2. can merge existing users table into forum so users need not re-register to begin using the forum. [nope. Yes you can do this, but you could do it even if the forum tables aren't in this database. So it's a wash]

  3. all-in-one backups. [I think you're grasping here. Whether one database or two, the backup procedures are the same. The only difference is you have 1 or 2 files]

Cons

  1. I've instantly added a huge amount of new code, some of which has database access, and all of which is a much higher profile target for shenanigans, meaning my original database is now placed at much more risk of attack. [maybe. IF the new code uses dynamic SQL, and/or fails to use parameterized queries, then it's screwed regardless. Further, if your data layer allows the user the queries execute under full access to your server, which unfortunately seems to be par for the course on most applications, then it doesn't matter if the tables are in the same database or not. Interestingly the MySQL site was cracked in this manner a month ago.]

  2. updating the forum software will be more hands-on, as it will not be a straight database flop. [? I'm not entirely sure what you mean by this. I've never heard the term "flop" used in this context.]

Separate Databases for Forum and Main Site

Pros

  1. easy install, testing, upgrade, tear down of forum [No.. You have the same issues regardless of what database it lives in]

  2. forum database security holes don't place my main site at risk (and vice-versa). [depends on the types of holes and exactly how security was implemented]

Cons

  1. integration into existing site requires querying two databases at once. I suspect this would be fairly more difficult to program. [It's not. It has exactly the same level of complexity. Also your queries can cross databases.]

  2. users would have to re-register on the forum [Nope. You can reuse the same user table in the other table]

  3. backing up 2 databases rather than one (this is a minor con, but it is a con). [I would disagree, but then again we have dozens of databases on our servers and all of our backups are automated. Heck, as soon as we create one the maintenance plans automatically add it to the nightly backup schedule so it's not even a thought.]

Quite frankly, I'd say the only potential issue is in how the new forum stuff accesses the database and exactly what user rights that account needs in order to do its job. If done right then there is no issue; but if it's done way wrong then the only real protection would be to place the forum software on its own database server... and even then it might cause problems.

But this should be identified by a proper security audit.
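
An added example, not part of the original thread: one way to combine the views mentioned in the second answer with the account rights the third answer points to, so the forum account can read shared user names without holding any privilege on the main database. All database, table, column and account names here are hypothetical, and the password is a placeholder.

```sql
-- Hypothetical names throughout: main_site, forum, users, forum_app, forum_view_owner.
CREATE DATABASE IF NOT EXISTS main_site;
CREATE DATABASE IF NOT EXISTS forum;

-- Constructed stand-in for the site's existing users table.
CREATE TABLE IF NOT EXISTS main_site.users (
  id            INT UNSIGNED PRIMARY KEY AUTO_INCREMENT,
  display_name  VARCHAR(64)  NOT NULL,
  email         VARCHAR(255) NOT NULL,
  password_hash VARCHAR(255) NOT NULL
);

-- Locked account that exists only to own the view; nobody can log in as it,
-- but MySQL still honours it as a view DEFINER.
CREATE USER IF NOT EXISTS 'forum_view_owner'@'localhost' ACCOUNT LOCK;

-- Column-level grant: the view owner may read two columns and nothing else.
GRANT SELECT (id, display_name) ON main_site.users
  TO 'forum_view_owner'@'localhost';

-- The view runs with the owner's rights (SQL SECURITY DEFINER), so the forum
-- account never needs a privilege on main_site itself. Run this as an admin.
CREATE OR REPLACE
  DEFINER = 'forum_view_owner'@'localhost'
  SQL SECURITY DEFINER
  VIEW forum.site_users AS
  SELECT id, display_name FROM main_site.users;

-- Account the forum software connects with (placeholder password).
CREATE USER IF NOT EXISTS 'forum_app'@'localhost'
  IDENTIFIED BY 'CHANGE_ME_PLACEHOLDER';
GRANT SELECT, INSERT, UPDATE, DELETE ON forum.* TO 'forum_app'@'localhost';

-- Checks after setup:
SHOW GRANTS FOR 'forum_app'@'localhost';   -- lists USAGE and forum.* only
-- Connected as forum_app:
--   SELECT display_name FROM forum.site_users;                  -- allowed
--   SELECT password_hash FROM main_site.users;                  -- denied
--   UPDATE forum.site_users SET display_name = 'x' WHERE id = 1; -- denied:
--     the view owner holds SELECT only, so writes through the view fail.
```

With this layout an SQL injection in the forum code is confined to the `forum` schema plus the two exposed columns, whether both schemas live on one server or not.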
