On Tuesday, 6 March 2018 at 10:15:30 UTC, Martin Tschierschke wrote:
On Tuesday, 6 March 2018 at 07:39:00 UTC, aberba wrote:
On Tuesday, 6 March 2018 at 04:31:42 UTC, Nick Sabalausky (Abscissa) wrote:
[...]
[...]



UNIX sockets provide a way to securely connect in an enclosed/isolated environment without exposing connection externally. This is used in my company in our microservice infrastructure on Google Cloud: we connect to our db instance using a proxy and its the recommended approach in microservices.

Its a very common security practice. The default approach on Google Cloud. I would do the same for any db I want to prevent external access to. If vibe.d doesn't support it then its missing a big piece of a puzzle.
Having sockets would be better, but you may configure your mysql to allow only
local connects. So external requests are blocked.

https://dba.stackexchange.com/questions/72142/how-do-i-allow-remote-mysql-access-to-all-users

Look at the first answer to set the right privileges for your environment.

Additionally blocking the mysql port 3306 (beside many others) from outside the network would make sense.

The MySQL instance is running in a managed cloud instance. You don't get to tweak things like with vps. Proxy based connection its what's used. Not just in my case...it supported in all major mysql libraries "socketPath".
  • mysql-native v2.1.0 Nick Sabalausky (Abscissa) via Digitalmars-d-announce
    • Re: mysql-nativ... aberba via Digitalmars-d-announce
      • Re: mysql-n... Nick Sabalausky (Abscissa) via Digitalmars-d-announce
        • Re: mys... aberba via Digitalmars-d-announce
          • Re:... Martin Tschierschke via Digitalmars-d-announce
            • ... aberba via Digitalmars-d-announce
              • ... Martin Tschierschke via Digitalmars-d-announce
              • ... Nick Sabalausky (Abscissa) via Digitalmars-d-announce
        • Re: mys... Sönke Ludwig via Digitalmars-d-announce
          • Re:... Nick Sabalausky (Abscissa) via Digitalmars-d-announce
          • Re:... Steven Schveighoffer via Digitalmars-d-announce
    • Re: mysql-nativ... bauss via Digitalmars-d-announce
      • Re: mysql-n... bauss via Digitalmars-d-announce
        • Re: mys... bauss via Digitalmars-d-announce
          • Re:... Nick Sabalausky (Abscissa) via Digitalmars-d-announce
            • ... bauss via Digitalmars-d-announce

Reply via email to