On Thursday 15 February 2001 12:47, Paul Repacholi wrote:
>> If the slave can update the master by proxy, security-wise this is
>> equivalent to anybody who connects to the slave being able to do
>> anything a replication user can on the master. So in that case, this
>> is the same as connecting directly to the master anyway with slave
>> user privileges.
>This is totaly wrong. Via the slave gives ONLY MySQL access, and that
>may well be restricted as well. It give NO access to any other net
>traffic at all.
>That is why it is liked, and required in some cases by security.
How is it more secure that just opening MySQL port on the master, and
restricting the privileges inside MySQL on the master? The only extra benefit
I see is that you cannot exploit the protocol vulnerabilities on a low level.
Otherwise, you can run all the same queries by proxy through the slave as you
would directly on the master.
MySQL Development Team
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Sasha Pachev <sasha@stripped>
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, http://www.mysql.com/
/_/ /_/\_, /___/\___\_\___/ Provo, Utah, USA