On Thu, 2005-01-27 at 13:32 +0100, klaus@stripped wrote:
> What about using your firewall settings to deny access to the ndb_mgmd
> port from machines other than itself and machines running ndbd's and
> mysqld's ?
(Assuming you're running on Linux)
You can set up iptables firewall rules to do pretty much exactly what
you want.
The simple rule of "only allow packets from cluster nodes to 1186"
should help.
As for only a specific user, check out the owner module of iptables
(look at the man page for docs). You can then (on each node) only allow
processes with a specific effective user id to send packets to the
management server.
If you are concerned about security for cluster then use a private
network that's dedicated to cluster traffic. This will not only provide
you with network security, but remove the possibility of other network
traffic interfering with performance/reliability of cluster.
Currently, the protocols used by cluster are not designed to be secure
(and you will seldom find a cluster product that is).
--
Stewart Smith, Software Engineer
MySQL AB, www.mysql.com
Office: +61 4 3 8844 332
Are you MySQL certified? www.mysql.com/certification
Attachment: [application/pgp-signature] This is a digitally signed message part signature.asc
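The two rule sets described in the message above, written out as an added example (not part of the original message and not MySQL's own tooling): a script that prints, without applying, the iptables commands for the management server and for each cluster node. The node addresses and the `mysql` account are constructed assumptions, and the `--syn` match is an addition here so that the owner check gates connection setup only.

```shell
#!/bin/sh
# Prints iptables commands for review; it does not apply them.
MGMD_PORT=1186   # ndb_mgmd port named in the message

# Accept only a plain dotted-quad IPv4 address, so nothing else reaches a rule.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Management server: accept 1186 from itself and the listed nodes, drop the rest.
mgmd_input_rules() {
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    echo "iptables -A INPUT -i lo -p tcp --dport $MGMD_PORT -j ACCEPT"
    for ip in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $MGMD_PORT -s $ip -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $MGMD_PORT -j DROP"
}

# Cluster node: only processes of user $2 may open connections to mgmd at $1.
# Matching --syn gates connection setup only; later packets that the kernel
# sends without an owning socket (e.g. after close) are not caught by the DROP.
node_output_rules() {
    mgm=$1; user=$2
    is_ipv4 "$mgm" || { echo "bad address: $mgm" >&2; return 1; }
    case "$user" in
        ""|*[!A-Za-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    base="iptables -A OUTPUT -p tcp -d $mgm --dport $MGMD_PORT --syn"
    echo "$base -m owner --uid-owner $user -j ACCEPT"
    echo "$base -j DROP"
}

# Constructed sample values: 192.0.2.0/24 is a documentation range and
# "mysql" is an assumed account name for the cluster processes.
mgmd_input_rules 192.0.2.11 192.0.2.12 192.0.2.21
node_output_rules 192.0.2.10 mysql
```

Rule order matters in both chains: the ACCEPT lines must be appended before the final DROP, which is the order the functions print them in.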