You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This story should be used to plan out how the PostgreSQL and MySQL handlers will be updated to enable communication with the backends via SSL. It will likely involve:
Digging into the handler code to understand how each of them currently works
Researching how MySQL clients typically implement SSL in the client-to-backend connection (the MySQL protocol docs may be helpful)
Researching how PostgreSQL clients typically implement SSL in the client-to-backend connection (the PostgreSQL SSL docs may be helpful)
Looking for OSS libraries (esp. in golang) that we can leverage in building this functionality (for example, the Google CloudSQL Proxy probably has some useful info)
The end result should be a solid plan for the path forward.
izgeri
changed the title
A plan exists for updating the MySQL handler to use SSL for the backend connection
A plan exists for updating the database handlers to use SSL for the backend connections
Sep 28, 2018
can you add some examples to clarify the UX of using the handlers with SSL? I'm not sure I follow what the config changes required will look like. I am wondering if there is a way to do this so that it's even more transparent to the user (not sure if that's possible)
can you expound on why the default is to not use SSL? tbh this surprised me, and now I'm wondering what's the standard for db client/server connections - it seems like it varies from client to client
do you have an understanding of the specific changes that will need to be made to each handler to get this working? what I don't have from this is a clear picture of the next steps / what's missing, which makes it hard to understand scope. if you have context around this, it would be helpful to add (maybe in an additional section?). right now, most of the functionality you describe for mysql / pg already exists - so tracking where the changes are is a little tricky.
This story should be used to plan out how the PostgreSQL and MySQL handlers will be updated to enable communication with the backends via SSL. It will likely involve:
The end result should be a solid plan for the path forward.
Plan: Downstream-TLS-Support-for-Database-Handlers
The text was updated successfully, but these errors were encountered: