[Cialug] mysql security questions

Eric Junker eric at eric.nu
Sat Jul 30 16:47:14 CDT 2011


On 7/30/2011 4:22 PM, Dave Weis wrote:
>
> For 1 you would put your database server on a separate logical
> network that isn't reachable from outside and use password security
> to lock down access to the db.
>
> For 2 the db server doesn't need to know about the clients. The
> clients need to know the ip, username, and password for the database.
> Put that in your config files for the servers that are spun up and
> you should be fine.

For 1 that separate logical network somewhat already exists. If your EC2 
instances are all in the same region then they can communicate over the 
internal network. Your front end instances should connect to the 
database over the internal network as it will be more secure, faster and 
you won't be charged for the bandwidth.

If you are concerned about security and really want to lock it down you 
could use EC2 security groups to define which ports and protocols are 
allowed.

Eric
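
Added example, not part of the original messages: a small audit that reads security group rules in the shape returned by `aws ec2 describe-security-groups` and reports any non-internal source range that can reach the MySQL port. It goes slightly beyond the thread by checking sources as well as ports and protocols; the group IDs, CIDRs and the `INTERNAL` list are constructed for illustration.

```python
import ipaddress

MYSQL_PORT = 3306
# Assumption: these ranges count as "internal"; adjust to your own addressing.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample data shaped like describe-security-groups output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-db-good", "IpPermissions": [       # source is another group
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-frontend"}]}]},
    {"GroupId": "sg-db-open", "IpPermissions": [       # open to everyone
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db-range", "IpPermissions": [      # wide range hides 3306
        {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-db-all", "IpPermissions": [        # all protocols, all ports
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

def covers_port(perm, port):
    """True if the rule's protocol and port range include the given TCP port."""
    if perm["IpProtocol"] == "-1":      # "-1" means every protocol and port
        return True
    if perm["IpProtocol"] not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def is_internal(cidr):
    """True if the CIDR lies entirely inside one of the INTERNAL ranges."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == p.version and net.subnet_of(p) for p in INTERNAL)

def exposed_sources(group, port=MYSQL_PORT):
    """List non-internal CIDR sources that are allowed to reach the port."""
    found = []
    for perm in group.get("IpPermissions", []):
        if covers_port(perm, port):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            found += [c for c in cidrs if not is_internal(c)]
    return found

def audit(groups, port=MYSQL_PORT):
    """Map each group ID to the external sources that can reach the port."""
    return {g["GroupId"]: exposed_sources(g, port) for g in groups}

if __name__ == "__main__":
    for gid, sources in audit(SAMPLE_GROUPS).items():
        print(gid, "OK" if not sources else "EXPOSED to " + ", ".join(sources))
```

Rules whose source is another security group (`UserIdGroupPairs`) are never flagged, since they admit only instances in that group.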

