On 03/07/2018 04:16 AM, aberba wrote:
> On Tuesday, 6 March 2018 at 10:15:30 UTC, Martin Tschierschke wrote:
>> On Tuesday, 6 March 2018 at 07:39:00 UTC, aberba wrote:
>>> UNIX sockets provide a way to securely connect in an enclosed/isolated environment without exposing the connection externally. This is used in my company in our microservice infrastructure on Google Cloud: we connect to our db instance using a proxy and it's the recommended approach in microservices.
>>>
>>> It's a very common security practice. The default approach on Google Cloud. I would do the same for any db I want to prevent external access to. If vibe.d doesn't support it then it's missing a big piece of a puzzle.
>> Having sockets would be better, but you may configure your mysql to allow only
>> local connects. So external requests are blocked.
>>
>> https://dba.stackexchange.com/questions/72142/how-do-i-allow-remote-mysql-access-to-all-users
>>
>> Look at the first answer to set the right privileges for your environment.
>>
>> Additionally blocking the mysql port 3306 (besides many others) from outside the network would make sense.
>
> The MySQL instance is running in a managed cloud instance. You don't get to tweak things like with a VPS. Proxy-based connection is what's used. Not just in my case... it's supported in all major mysql libraries: "socketPath".

I'd say, please file a ticket here:

https://github.com/mysql-d/mysql-native/issues

The more clearly the case is presented, the more likely it is to be given appropriate priority.

I'd also encourage you, and others who may care about this issue, to please consider working on a PR for this. I am only one person and only have so many resources to go around, so if those who do find this important can offer an implementation, that's the best way to get a feature included ASAP. If it's left to me to implement, then it has to compete with all the rest of my projects and priorities.

I'd be more than glad to offer any help I can in either understanding the codebase, or in any other way I can help improve the "bus factor" of this project. Just ping me through a ticket on github, or privately via https://semitwist.com/articles/contact/form/contact-us (and yes, I know the captcha system there is woefully out-of-date :/ )

To be clear, please understand, this ISN'T a "no" by any means. I am fully open to this feature getting implemented, and I want this lib to be as useful to as many people as possible. It's just that I only have so many resources of my own, and I don't get paid for this, so if it's left completely up to me then it has to compete with everything else vying for my attention.