A plan exists for updating the database handlers to use SSL for the backend connections #460

Closed
4 tasks done
izgeri opened this issue Sep 28, 2018 · 2 comments

@izgeri
Contributor

izgeri commented Sep 28, 2018

This story should be used to plan out how the PostgreSQL and MySQL handlers will be updated to enable communication with the backends via SSL. It will likely involve:

  • Digging into the handler code to understand how each of them currently works
  • Researching how MySQL clients typically implement SSL in the client-to-backend connection (the MySQL protocol docs may be helpful)
  • Researching how PostgreSQL clients typically implement SSL in the client-to-backend connection (the PostgreSQL SSL docs may be helpful)
  • Looking for OSS libraries (esp. in golang) that we can leverage in building this functionality (for example, the Google CloudSQL Proxy probably has some useful info)

The end result should be a solid plan for the path forward.

Plan: Downstream-TLS-Support-for-Database-Handlers

@izgeri izgeri changed the title from "A plan exists for updating the MySQL handler to use SSL for the backend connection" to "A plan exists for updating the database handlers to use SSL for the backend connections" Sep 28, 2018
@izgeri izgeri added the defined label Nov 14, 2018
@doodlesbykumbi doodlesbykumbi self-assigned this Nov 28, 2018
@doodlesbykumbi
Contributor

doodlesbykumbi commented Nov 28, 2018

Here's the plan draft: #531

@izgeri
Contributor Author

izgeri commented Nov 28, 2018

@doodlesbykumbi a few questions:

  • can you add some examples to clarify the UX of using the handlers with SSL? I'm not sure I follow what the config changes required will look like. I am wondering if there is a way to do this so that it's even more transparent to the user (not sure if that's possible)
  • can you expound on why the default is to not use SSL? tbh this surprised me, and now I'm wondering what's the standard for db client/server connections - it seems like it varies from client to client
  • do you have an understanding of the specific changes that will need to be made to each handler to get this working? what I don't have from this is a clear picture of the next steps / what's missing, which makes it hard to understand scope. if you have context around this, it would be helpful to add (maybe in an additional section?). right now, most of the functionality you describe for mysql / pg already exists - so tracking where the changes are is a little tricky.
