Balance of security/performance for remote MySQL

I have two servers, one running Apache, the other MySQL.

The Apache server will run PHP scripts that require data from the MySQL server. Long term the majority of these scripts will talk to a web service running on the MySQL server, removing the need for a remote connection. But short term, I need the Apache machine to be able to connect to the remote MySQL database.

I have a configuration at the moment which has the MySQL server listening on an IP and my Apache box can connect using TCP/IP. However these are both production machines, and the majority of research I've done into securing MySQL server is keen for remote connections not to be allowed.

As an alternative, an SSH tunnel is suggested to connect to the remote MySQL server as if it were local, and allowing the MySQL server to reject remote connections. My concern with this method is efficiency. Would adding this extra layer not reduce the speed of the connection? Also, if I were to do this, is there a simple way (simpler than writing a perl script to run from cron) to establish the tunnel post reboot, and ensure it is open at intervals?

Can anyone please provide some advice as to the bes开发者_如何学运维t way to ensure a secure remote MySQL connection whilst maintaing some level of efficiency. If there is a better method than the options I've mentioned, please let me know!

If your apache and DB server are on the same network, you can connect/listen on the internal IP address. 192.. etc.