stackoom
  简体   繁体   中英

Active Record (Rails) MySQL Secure Connection

 原文  2010-11-29 23:28:33       mysql/ ruby-on-rails/ database/ security/ activerecord

Question

Now, I haven't been able to find any good resources on this subject so I'll ask my question here and see if anyone has any suggestions/recommendations.

I will be deploying a Ruby on Rails application soon (Active Record ORM), and my database (MySQL or PostgreSQL) will be located at an external location (outside of 127.0.0.1 range).

I am able to connect to the external MySQL database, simply by unbinding the address in the /etc/mysql/my.conf and adding a user that takes connections from external locations. However, since the data is being transferred from my application server to my MySQL server, how (in)secure is this?

Do I need to do some form of encryption? Does Active Record do anything in the background to protect data from being hijacked (or whatever you call it) during the transfer? Or is my data secure enough by default with MySQL and/or PostgreSQL when working with databases at external locations?

So in short: Is there anything (extra) I should be doing when my MySQL or PostgreSQL database is located at an external location, rather than when it's in localhost range?

Any suggestions, pointers, recommendations and resources would be much appreciated!

Thanks!

2 answers

solution1
 2 ACCPTED  2010-11-29 23:42:44

It strongly depends on how the application server and the database server are connected.

If the traffic is routed in the wild (ie you dont have a virtual private network connecting your servers), you can set up an SSL connection between your Rails app and MySQL:

  • MySQL supports secure (encrypted) connections between MySQL clients and the server using the Secure Sockets Layer (SSL) protocol. Reference .
  • ActiveRecord has options for SSL security ( :sslkey and others in database.yml ). Reference

Restricting external connection to MySQL from a given IP for a low privileged user still applies.

solution2
 1  2010-11-29 23:54:19

As well as looking at the option of running over SSL, you can and should lock the database server to only accept connections from specific IP addresses.

I would generally only run SSL if the connection is entirely untrusted as it can have some performance impacts.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Mysql query in rails active record Converting Mysql code to rails active record query Rails active record sort with a conditional. mysql Secure MySQL Connection in Python Secure Remote mySQL Connection How to convert mysql query to ruby on rails active record in multiple joins Trouble converting my MySQL query to rails active record format Maintaining a Secure MySQL connection Secure MySQL connection in Java? Secure MYSQL connection details
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM