Why we need user and permissions? #4334

Closed
xialvjun opened this issue Aug 27, 2017 · 6 comments

@xialvjun

Why not just put users and permissions all at the application level rather than the database level?
The database can act as an SSH server and the application can act as an SSH client.
The database can just set the host, port, and SSH public key.
The application just links to the database.

That's all.

Why do we need a system for users and permissions?

@tshqin
Contributor

tshqin commented Aug 27, 2017

A database is an independent system; it can be accessed with or without applications, regardless of on-premises/off-premises; security is high on the priority list in the corporate infrastructure.
Consider an extreme case where a MySQL server is deployed on a public cloud service, using the default port and an easy password like 'password'. I bet it will be hacked within a week, and some bitcoins will be needed as the redemption fee then.

@xialvjun
Author

I think it is nearly impossible for a database to be set up in a public environment.
Even if it is set up in a public environment, it is not for public use. We can use ways like SSH to connect to the database.

@tshqin
Contributor

tshqin commented Aug 27, 2017

That one has permission on the OS doesn't mean one should have permission on the DB; they are different roles. "Nothing worse than a familiar enemy"

@xialvjun
Author

I didn't mean we use SSH to connect to the database. I mean just use a way like SSH to connect to the database rather than using a username and password.

Well, there are two dimensions: the user system and the permission system.
We can use public-private keys to replace the user system for better security.
We can abandon the permission system because in the normal case (one application for one database) we don't need it; in the special case (multiple applications for one database) we can transform it into the normal case (database > dbos > app1 + app2).

@tshqin
Contributor

tshqin commented Aug 27, 2017

SSH, and especially SSL/TLS, are supported by many DBMSs; they're optional and have no conflict with user/password.
E.g., MySQL connection methods:
https://dev.mysql.com/doc/workbench/en/wb-manage-server-connections.html
For TiDB, I'm not sure if it supports SSH/SSL/TLS yet or not.

@shenli
Member

shenli commented Aug 27, 2017

@xialvjun @tshqin SSL/TLS will be supported in this PR.
For most applications, username/password is the standard authentication method.
