On Tuesday, 6 March 2018 at 10:15:30 UTC, Martin Tschierschke
wrote:
On Tuesday, 6 March 2018 at 07:39:00 UTC, aberba wrote:
On Tuesday, 6 March 2018 at 04:31:42 UTC, Nick Sabalausky
(Abscissa) wrote:
[...]
[...]
UNIX sockets provide a way to securely connect in an
enclosed/isolated environment without exposing connection
externally. This is used in my company in our microservice
infrastructure on Google Cloud: we connect to our db instance
using a proxy and its the recommended approach in
microservices.
Its a very common security practice. The default approach on
Google Cloud. I would do the same for any db I want to prevent
external access to. If vibe.d doesn't support it then its
missing a big piece of a puzzle.
Having sockets would be better, but you may configure your
mysql to allow only
local connects. So external requests are blocked.
https://dba.stackexchange.com/questions/72142/how-do-i-allow-remote-mysql-access-to-all-users
Look at the first answer to set the right privileges for your
environment.
Additionally blocking the mysql port 3306 (beside many others)
from outside the network would make sense.
The MySQL instance is running in a managed cloud instance. You
don't get to tweak things like with vps. Proxy based connection
its what's used. Not just in my case...it supported in all major
mysql libraries "socketPath".
