I'm currently running over some final tweaks and security measures for my MySQL server deployments. Mainly I'm running Google's Golang and connect to the MySQL database through a Socket connection.
In my my.cnf file I use the skip-networking configuration to disable any networking access to the database, because there is literally no case where I would want that, as I'm using SSH anyway.
Now for a worst case scenario. I run a compiled Golang website (so there are no source-files visible, even the database login will be compiled in the binary (for now I'm testing this method, as I can update my binaries with only 1 second downtime on the websites)). Image someone's breached (a part) of my server. I know it's pretty useless from that part on, but I still want to secure as many internal stuff too to minimize damage until I'm being able to shut the intruder out or reach the physical machine. I also non-defaulted the root username and changed the mysqladmin secure password.
So the question; My Golang application is fully compiled, so the attacker won't be able to instantly access files (like on most script-based websites) and just see what the mysql login etc. is. I know it's still possible to like do resets and stuff, but I just want to make the possibilities of easy breaching smaller. And I don't want the connection to be easily sniffable. So I was wondering if it's useful to use SSL on the local Socket when my Golang application connects to the MySQL server. Besides that I'm wondering how much local SSL would impact the server's performance.
Aucun commentaire:
Enregistrer un commentaire