> How is it more secure that just opening MySQL port on the master,
> and restricting the privileges inside MySQL on the master? The only
> extra benefit I see is that you cannot exploit the protocol
> vulnerabilities on a low level. Otherwise, you can run all the same
> queries by proxy through the slave as you would directly on the
> master.
Because you also expose the host to your originating network. Also
consider the case of the client and server in 192.168 nets. Different
nets. A proxy with forwarding turned off can stradle the nets to give
access to the server for MySQL. If you route, hell would break loose!
The server machine can be running more that MySQL, and you may not
wish to expose that.
Also, it is far less pain to put all the smarts in the proxy, and have
no changes to the clients at all. That can be tested, all the clients
out there can't. If the client side want's to use the multi-server
stuff, then it can move after the server-proxy has been debugged and
cleaned up.
--
Paul Repacholi 1 Crescent Rd.,
+61 (08) 9257-1001 Kalamunda.
West Australia 6076
Raw, Cooked or Well-done, it's all half baked.
