mysql-native v2.1.0
Martin Tschierschke
mt at smartdolphin.de
Tue Mar 6 10:15:30 UTC 2018
On Tuesday, 6 March 2018 at 07:39:00 UTC, aberba wrote:
> On Tuesday, 6 March 2018 at 04:31:42 UTC, Nick Sabalausky
> (Abscissa) wrote:
[...]
>> I'm not opposed to it being added, but I'm not aware of what
>> benefit it would provide that would big enough to make it a
>> priority. Also, AFAIK, vibe doesn't offer socket support like
>> it does TCP, so vibe users would loose out on the automatic
>> yield-on-io that's a cornerstone of vibe's concurrency design.
>
>
> UNIX sockets provide a way to securely connect in an
> enclosed/isolated environment without exposing connection
> externally. This is used in my company in our microservice
> infrastructure on Google Cloud: we connect to our db instance
> using a proxy and its the recommended approach in microservices.
>
> Its a very common security practice. The default approach on
> Google Cloud. I would do the same for any db I want to prevent
> external access to. If vibe.d doesn't support it then its
> missing a big piece of a puzzle.
Having sockets would be better, but you may configure your mysql
to allow only
local connects. So external requests are blocked.
https://dba.stackexchange.com/questions/72142/how-do-i-allow-remote-mysql-access-to-all-users
Look at the first answer to set the right privileges for your
environment.
Additionally blocking the mysql port 3306 (beside many others)
from outside the network would make sense.
More information about the Digitalmars-d-announce
mailing list