Go roles security setting and modify mysql defaults and remove 3306 By defaults all ports are open to each other within the farm, the security setting on the roles configure external access.
On Feb 17, 2009, at 9:02 AM, kenja <[email protected]> wrote: > > Has anyone developed a means to lock down the mysql servers and app > servers so they will only accept connections from the www server via > ports 3306, 80, and 443? It seems that the default is for them to be > wide open to the world, which is not ideal from a security > standpoint. > > We could do it by reserving a block of elastic IPs, but that seems > silly as you have to have a bunch of unused IPs sitting around at $15/ > mo each. Plus you cap the number of servers you can launch by the > number of IPs you purchase. > > Better would be a startup script that adds all IPs in the farm to the > firewall allowed list and then some kind of notification mechanism > when new servers are launched. Does anyone do this? > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "scalr-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/scalr-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
