Sysadmin

12047 readers

1 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
!lemmy@lemmy.ml
!lemmyworld@lemmy.world
!lemmy_support@lemmy.ml
!support@lemmy.world

founded 2 years ago

MODERATORS

DarraignTheSane@lemmy.world

00Lemming@lemmy.world

L3s@lemmy.world

MariaDB 11.8's zero-configuration TLS requires no manual setup (optimizedbyotto.com)

submitted 3 months ago by otto@programming.dev to c/sysadmin@lemmy.world

4 comments fedilink hide all child comments

This is nice for those tired of wrestling with TLS certs and CAs for your database

you are viewing a single comment's thread
view the rest of the comments

[–] frongt@lemmy.zip 9 points 3 months ago (3 children)

Connection encryption is pretty low on the list of priorities for database security. Proper accounts and rights management is far more important.

SQL traffic shouldn't really run over anything but short LAN links. Ideally separated from other stuff entirely, but just not spewed over your whole LAN, and really not over the Internet at all.

TLS is good, yes, but unless you're also validating those certs they don't mean much. Client certs would be even better.

[–] otto@programming.dev 3 points 3 months ago

TLS is good *only' if you are also validating those certs. And that is what MariaDB 11.8 is now doing.

load more comments (2 replies)