[Cialug] mysql security questions
Eric Junker
eric at eric.nu
Sat Jul 30 16:47:14 CDT 2011
On 7/30/2011 4:22 PM, Dave Weis wrote:
>
> For 1 you would put your database server on a separate logical
> network that isn't reachable from outside and use password security
> to lock down access to the db.
>
> For 2 the db server doesn't need to know about the clients. The
> clients need to know the ip, username, and password for the database.
> Put that in your config files for the servers that are spun up and
> you should be fine.
For 1 that separate logical network somewhat already exists. If your EC2
instances are all in the same region then they can communicate over the
internal network. Your front end instances should connect to the
database over the internal network as it will be more secure, faster and
you won't be charged for the bandwidth.

If you are concerned about security and really want to lock it down you
could use EC2 security groups to define which ports and protocols are
allowed.

Eric
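
An added example, not part of the original message: a small audit of a database security group's ingress rules, checking that the MySQL port is reachable only from the front-end group and not from outside. The rule dictionaries follow the shape of the EC2 DescribeSecurityGroups `IpPermissions` field; the group IDs, the sample rules and the 10.0.0.0/8 internal range are constructed assumptions.

```python
import ipaddress

DB_PORT = 3306                                 # MySQL default port
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range


def covers_port(perm, port):
    """True if an ingress rule admits TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                          # "-1" means all protocols and ports
        return True
    return proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]


def audit_db_group(group, allowed_groups, port=DB_PORT):
    """Return (reason, source) findings for rules that expose the DB port."""
    findings = []
    for perm in group["IpPermissions"]:
        if not covers_port(perm, port):
            continue                           # rule does not reach the database
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"])
            if not net.subnet_of(INTERNAL):    # CIDR extends beyond internal range
                findings.append(("external-cidr", rng["CidrIp"]))
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] not in allowed_groups:
                findings.append(("unexpected-group", pair["GroupId"]))
    return findings


# Constructed sample data; the group IDs are placeholders, not real resources.
WEAK = {"GroupId": "sg-db-weak-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-other-example"}]},
]}
LOCKED = {"GroupId": "sg-db-locked-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web-example"}]},
]}

if __name__ == "__main__":
    for g in (WEAK, LOCKED):
        print(g["GroupId"], audit_db_group(g, {"sg-web-example"}))
```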