maria-discuss team mailing list archive
Mailing list archive
Re: Parallel Databases and network security
Am 16.01.2018 um 01:37 schrieb Ruben Safir:
"i want it" is no valid reason when it comes to security but if you want
to learn it the hard way just go ahead...
On Tue, Jan 16, 2018 at 01:14:00AM +0100, Reindl Harald wrote:
Am 15.01.2018 um 23:31 schrieb Ruben Safir:
Now, I had two choices, to change the software to talk across the
open local area network, and move the database to the webserver...
or hot copy, which I know maria has been able to do for a while, but I
never implimented it. But i want to do this and restrict connections to
the internal network. It is easy enough to justblock the external ports
but I would rather do this through the database.
but it is pretty dumb have mysqld reachable on the WAN because you
expose every future CVE for no good reason
Restrict network access? Specify the correct peer ip address or a host
name when creating a user
the IP - security based on PTR records and rely on name-resolution
is a bad idea, anyways one needs still tell me one sane reason why
do ip restrictions in the atatcked application instead the
networklayer in front of
Because that is how I want it. The longer explanation is, because that
is how I want to do it, period.
I really didn't ask for a debate on the pros and cons of firewalls
sorry for giving recommendations from a world where security is taken
serious - go and f.. yourself with that attitude and don't come back
here whining when some CVE or config mistake hit you straight in the face