On Sunday, 1 October 2006 11:23, Pierre Schmitz wrote:
> On Sunday, 1 October 2006 17:08, Askadar wrote:
> > Why bother to export, mirror, and export a snapshot of the DB when MySQL
> > supports user management and TCP/IP connections just fine? Just create a
> > restricted user account that is only allowed to select stuff and can only
> > connect from archlinux.de and archlinuxfr.org and you are all set. To
> > reduce traffic and latency, you could just cache the query results.
> >
> > IMHO that's a much cleaner solution.
>
> Yes, but this might be a potential security risk and I would really
> understand if Judd does not want to open the mysql-server to anybody.

Only if MySQL has gaping security holes. By restricting the clients that
connect to MySQL with iptables rules on top of MySQL's own restrictions, you
would first have to root archlinux.de and then exploit a hole in MySQL
before you can cause any damage on archlinux.org. That would require a
targeted attack; it is nothing a worm could exploit. Quite unlikely, if you
ask me, especially if you keep everything patched.

- Askadar

_______________________________________________
arch mailing list
[email protected]
http://www.archlinux.org/mailman/listinfo/arch
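
The two layers discussed in this thread (a SELECT-only MySQL account bound to the mirror hosts, plus iptables rules in front of port 3306), sketched as an added example that is not part of the original messages. The addresses are documentation-range stand-ins for archlinux.de and archlinuxfr.org, and the account name, database name and password placeholder are assumptions.

```shell
#!/bin/sh
# Prints (does not apply) both layers: MySQL accounts and iptables rules.
# Constructed values: documentation-range IPs standing in for the mirrors,
# hypothetical account and database names, placeholder password.
MIRROR_IPS="192.0.2.10 198.51.100.20"
DB_NAME="archweb"
DB_USER="mirror_ro"

# Accept only dotted-quad IPv4 so nothing unexpected lands in SQL or a rule.
valid_ip() {
    case "$1" in
        *[!0-9.]*|""|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Layer 1: one account per mirror address, SELECT on a single database only.
mysql_grants() {
    for ip in $MIRROR_IPS; do
        valid_ip "$ip" || { echo "bad address: $ip" >&2; return 1; }
        echo "CREATE USER '$DB_USER'@'$ip' IDENTIFIED BY '<set-a-password>';"
        echo "GRANT SELECT ON $DB_NAME.* TO '$DB_USER'@'$ip';"
    done
}

# Layer 2: allow loopback and the mirrors to reach 3306, drop everyone else.
iptables_rules() {
    echo "iptables -A INPUT -i lo -p tcp --dport 3306 -j ACCEPT"
    for ip in $MIRROR_IPS; do
        valid_ip "$ip" || { echo "bad address: $ip" >&2; return 1; }
        echo "iptables -A INPUT -p tcp -s $ip --dport 3306 -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport 3306 -j DROP"
}

mysql_grants      # review, then pipe into the mysql client as an admin
iptables_rules    # review, then run as root on the database host
```

Addresses are used instead of hostnames because iptables resolves a hostname only once, when the rule is added, and MySQL host matching by name depends on reverse DNS.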
