谷歌云 (GCP) SQL 对 SSL 证书的限制
[英]Google cloud (GCP) SQL limit on the SSL certificates
问题描述
Our company uses MySQL on the GCP.
我司在GCP上使用MySQL。
For the prod database, we use SSL certificates - we have one for our services and a couple of "personal" certs for different developers.对于 prod 数据库,我们使用 SSL 证书——我们有一个用于我们的服务,还有几个“个人”证书用于不同的开发人员。
Currently, I'm creating new certificates for other developers and I just noticed that GCP allows only to create up to 10 (.) certificates per database - which is no way enough if we want to issue each developer its own personal certificate.目前,我正在为其他开发人员创建新证书,我刚刚注意到 GCP 只允许为每个数据库创建最多 10 个 (.) 证书 - 如果我们想为每个开发人员颁发自己的个人证书,这还远远不够。
Is there any way to overcome this limitation?有没有办法克服这个限制? The goal is to have a separate SSL certificate per developer, which is a much higher number than 10.目标是为每个开发人员提供一个单独的 SSL 证书,该数字远高于 10。
1 个解决方案
解决方案1
2 2021-03-02 21:50:57
I think you are trying to overdesign a solution.我认为您正在尝试过度设计解决方案。 The SSL certificate is used to encrypt connections. SSL 证书用于加密连接。 This does not help you with identity/database security beyond encrypted connections.除了加密连接之外,这对您的身份/数据库安全没有帮助。 Use MySQL style security to protect database access in addition to SSL connection encryption.除了 SSL 连接加密之外,使用 MySQL 样式的安全性来保护数据库访问。 SSL setup is a CPU intensive action. SSL 设置是 CPU 密集型操作。 Multiple certificates adds to that overhead.多个证书会增加开销。 I recommend limiting your certificates to groups of users and not one per user.我建议将您的证书限制为一组用户,而不是每个用户一个。
Is there any way to overcome this limitation?
No, this is a hard limit that you cannot change.不,这是您无法更改的硬性限制。
Consider using the Cloud SQL Proxy which provides multiple additional benefits.考虑使用 Cloud SQL 代理,它提供了多种额外的好处。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.