openstack-manuals/doc/security-guide/ch041_database-backend-considerations.xml
Andreas Jaeger 6bf4dedafc Edits on security guide
Change all titles to sentence style capitalization (some were already,
majority not)
Adjust project and service name spelling.
Minor edits
Fix links to TPM section

Change-Id: Ic8cc709b068d2273762f074daa5ac30ebe9aaf20
Partial-Bug: #1217503
2014-05-06 22:40:19 +02:00


<?xml version="1.0" encoding="UTF-8"?>
<chapter xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns="http://docbook.org/ns/docbook"
version="5.0" xml:id="ch041_database-backend-considerations">
<?dbhtml stop-chunking?>
<title>Database back-end considerations</title>
<para>The choice of database server is an important consideration in the security of an OpenStack deployment. Security is not the only basis on which a database server must be chosen, but it is the only one within the scope of this book. In practice, OpenStack supports only two database types: PostgreSQL and MySQL.</para>
<para>PostgreSQL has a number of desirable security features such as Kerberos authentication, object-level security, and encryption support. The PostgreSQL community has done well to provide solid guidance, documentation, and tooling to promote positive security practices.</para>
<para>MySQL has a large community and widespread adoption, and provides high availability options. MySQL can also provide enhanced client authentication by way of plug-in authentication mechanisms. Forked distributions in the MySQL community provide many options for consideration. It is important to choose a specific implementation of MySQL based on a thorough evaluation of the security posture and the level of support provided for the given distribution.</para>
<section xml:id="ch041_database-backend-considerations-idp39568">
<title>Security references for database back-ends</title>
<para>Those deploying MySQL or PostgreSQL are advised to refer to existing security guidance. Some references are listed below:</para>
<para>MySQL:</para>
<itemizedlist><listitem>
<para><link xlink:href="https://www.owasp.org/index.php/OWASP_Backend_Security_Project_MySQL_Hardening">OWASP MySQL Hardening</link></para>
</listitem>
<listitem>
<para><link xlink:href="http://dev.mysql.com/doc/refman/5.5/en/pluggable-authentication.html">MySQL Pluggable Authentication</link></para>
</listitem>
<listitem>
<para><link xlink:href="http://downloads.mysql.com/docs/mysql-security-excerpt-5.1-en.pdf">Security in MySQL</link></para>
</listitem>
</itemizedlist>
<para>PostgreSQL:</para>
<itemizedlist><listitem>
<para><link xlink:href="https://www.owasp.org/index.php/OWASP_Backend_Security_Project_PostgreSQL_Hardening">OWASP PostgreSQL Hardening</link></para>
</listitem>
<listitem>
<para><link xlink:href="http://www.ibm.com/developerworks/opensource/library/os-postgresecurity">Total security in a PostgreSQL database</link></para>
</listitem>
</itemizedlist>
</section>
</chapter>