[Cialug] mysql security questions
Eric Junker
eric at eric.nu
Sat Jul 30 17:00:35 CDT 2011
On 7/30/2011 4:47 PM, Eric Junker wrote:
> On 7/30/2011 4:22 PM, Dave Weis wrote:
>>
>> For 1 you would put your database server on a separate logical
>> network that isn't reachable from outside and use password security
>> to lock down access to the db.
>>
>> For 2 the db server doesn't need to know about the clients. The
>> clients need to know the ip, username, and password for the database.
>> Put that in your config files for the servers that are spun up and
>> you should be fine.
>
> For 1 that separate logical network somewhat already exists. If your EC2
> instances are all in the same region then they can communicate over the
> internal network. Your front end instances should connect to the
> database over the internal network as it will be more secure, faster and
> you won't be charged for the bandwidth.
>
> If you are concerned about security and really want to lock it down you
> could use EC2 security groups to define which ports and protocols are
> allowed.
Here is an article that explains how to use the internal network.
http://alestic.com/2009/06/ec2-elastic-ip-internal
Eric
More information about the Cialug
mailing list