Comments (8)
Hello,
I am very interested by the TLS feature, how is going for the implementation ? I didn't find information regarding secure connexion in the documentation.
I have seen https://www.pivotaltracker.com/n/projects/969486/stories/130875083 which seems to go in the right way.
Best regards
from cf-mysql-release.
We have created an issue in Pivotal Tracker to manage this. You can view the current status of your issue at: https://www.pivotaltracker.com/story/show/100245664.
from cf-mysql-release.
@csterwa Sorry for letting this sit for so long. Unfortunately we don't currently support SSL connections to our service. I believe @menicosia has some future plans around better encryption at rest and in transit that could be added to the service.
from cf-mysql-release.
Hi @csterwa,
I was surprised to see @ljfranklin's update (thanks Lyle!), so I looked into what happened to this request. It turns out I mis-placed this story in the wrong backlog back in September 1, and lost track of it. I am sorry! I've put the Tracker story back where it'll get more attention soon.
The short story is that today, we do not support encrypted connections into the database. Historically, that's because this hasn't been strictly necessary. The only apps that have been able to connect to p-mysql are CF-deployed apps, which are within the CF "firewall."
However, in 2016, we'll be spending a lot more time on security. That's because, as we solve more "enterprise ready criteria," for p-mysql, it's becoming a more central database that are used both for business-critical apps, but increasingly, also for off-CF access. For now, I have a workaround that allows encrypted communication into CF-land, and from there is still unencrypted: https://docs.google.com/document/d/1iUXPM8ssQv3nDP9BXQs7oEymTL7HUqjgAC7Yw2W16jk/edit?usp=sharing -- Please feel free to let me know how this works for you.
We will be planning to make encrypted access easier in coming releases. I'll leave this issue open, and the Tracker story will be prioritized so that when we make a release that includes encryption options, we'll be sure to update this issue.
Marco Nicosia
Product Manager
Pivotal Software, Inc.
PS - FYI, we'll also be working on ways to offer MariaDB 10.1 in coming releases. One of the reasons we're excited to do so is because Google has contributed their on-disk encryption tech to MariaDB, and that's available in 10.1. We haven't started looking at it yet, but we're confident that 10.1 releases will greatly enhance our security story.
from cf-mysql-release.
TLS is now on our roadmap. We'll be working on how to plumb encryption through to cf-deploy'd apps in the coming months.
Marco Nicosia
Product Manager
Pivotal Software, Inc.
from cf-mysql-release.
Nice, thanks for the heads up
from cf-mysql-release.
Thank you @menicosia. Looking forward to using this in the near future.
from cf-mysql-release.
@csterwa we've added preliminary support for TLS starting with cf-mysql-release v36.7.0, you can configure it using these job properties.
Closing this issue now that we've added basic support. If you have issues with TLS please reopen this issue or create a new one.
from cf-mysql-release.
Related Issues (20)
- question about the plan for mariadb version 10.2 HOT 8
- Mysql Dashboard Unavailable HOT 3
- "packets.go:36: unexpected EOF" errors for CF deployment's MySQL instance HOT 9
- Add support for service instance sharing HOT 1
- SST with empty /var/vcap/store/mysql doesn't work with 36.12.0 - Error: Move file ib_logfile0 to /var/vcap/store/mysql/ib_logfile0 failed: Destination file exists HOT 3
- bosh upload-release error HOT 3
- Drain does not check for Galera cluster health HOT 8
- Config Load Balancer for cf-mysql-release. HOT 1
- BOSH BBR failing with 36.14.0 HOT 4
- mariadb_ctrl job has problems with quotation marks in the password HOT 4
- security: mariadb bump to 10.1.37 HOT 3
- build-mysql-release fails cf-mysql-release/packages/golang-1.11-linux/spec: no such file or directory HOT 10
- Smoke Test MySQL Deployment - Proxy HOT 3
- Support loading the keyring plugin when starting the server HOT 1
- Standard Configuration Change required at my.cnf.erb HOT 3
- how to deploy cf-mysql with or without setting Load Balancer and p-mysql service bindable ? HOT 1
- Switchboard automatic process failure-restart HOT 1
- Support multiple CF instances HOT 1
- Unknown host errors while accessing PCF MySql instance. HOT 1
- bionic stemcell compatibility HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cf-mysql-release.