Sysadmin

11452 readers

13 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
!lemmy@lemmy.ml
!lemmyworld@lemmy.world
!lemmy_support@lemmy.ml
!support@lemmy.world

founded 2 years ago

MODERATORS

DarraignTheSane@lemmy.world

00Lemming@lemmy.world

L3s@lemmy.world

MariaDB 11.8's zero-configuration TLS requires no manual setup (optimizedbyotto.com)

submitted 1 month ago by otto@programming.dev to c/sysadmin@lemmy.world

4 comments fedilink hide all child comments

This is nice for those tired of wrestling with TLS certs and CAs for your database

you are viewing a single comment's thread
view the rest of the comments

[–] frongt@lemmy.zip 9 points 1 month ago (3 children)

Connection encryption is pretty low on the list of priorities for database security. Proper accounts and rights management is far more important.

SQL traffic shouldn't really run over anything but short LAN links. Ideally separated from other stuff entirely, but just not spewed over your whole LAN, and really not over the Internet at all.

TLS is good, yes, but unless you're also validating those certs they don't mean much. Client certs would be even better.

[–] pcn@lemmy.world 5 points 1 month ago

Some compliance measures (PCI DSS 4, HIPAA) mandate encryption in transit and none penalize it, so making any of that easier and less error-prone seems like a step in the right direction.

load more comments (2 replies)