On Tuesday, 6 March 2018 at 07:39:00 UTC, aberba wrote:
On Tuesday, 6 March 2018 at 04:31:42 UTC, Nick Sabalausky
(Abscissa) wrote:
[...]
I'm not opposed to it being added, but I'm not aware of what
benefit it would provide that would big enough to make it a
priority. Also, AFAIK, vibe doesn't offer socket support like
it does TCP, so vibe users would loose out on the automatic
yield-on-io that's a cornerstone of vibe's concurrency design.
UNIX sockets provide a way to securely connect in an
enclosed/isolated environment without exposing connection
externally. This is used in my company in our microservice
infrastructure on Google Cloud: we connect to our db instance
using a proxy and its the recommended approach in microservices.
Its a very common security practice. The default approach on
Google Cloud. I would do the same for any db I want to prevent
external access to. If vibe.d doesn't support it then its
missing a big piece of a puzzle.
Having sockets would be better, but you may configure your mysql
to allow only
local connects. So external requests are blocked.
https://dba.stackexchange.com/questions/72142/how-do-i-allow-remote-mysql-access-to-all-users
Look at the first answer to set the right privileges for your
environment.
Additionally blocking the mysql port 3306 (beside many others)
from outside the network would make sense.
