bbbcd424dd
Use proper spelling: back-end (adjective), back end (noun) Change-Id: I31656052a094166fda7ce25da02d501351beacab Closes-Bug: #1342894
36 lines
2.7 KiB
XML
36 lines
2.7 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<chapter xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
version="5.0"
|
|
xml:id="database-backend-considerations">
|
|
<?dbhtml stop-chunking?>
|
|
<title>Database back end considerations</title>
|
|
<para>The choice of database server is an important consideration in the security of an OpenStack deployment. While security considerations are not the only basis on which a database server must be chosen, security considerations are the only ones within the scope of this book. In practice, OpenStack only supports two database types: PostgreSQL and MySQL.</para>
|
|
<para>PostgreSQL has a number of desirable security features such as Kerberos authentication, object-level security, and encryption support. The PostgreSQL community has done well to provide solid guidance, documentation, and tooling to promote positive security practices.</para>
|
|
<para>MySQL has a large community, widespread adoption, and provides high availability options. MySQL also has the ability to provide enhanced client authentication by way of plug-in authentication mechanisms. Forked distributions in the MySQL community provide many options for consideration. It is important to choose a specific implementation of MySQL based on a thorough evaluation of the security posture and the level of support provided for the given distribution.</para>
|
|
<section xml:id="database-backend-considerations-idp39568">
|
|
<title>Security references for database back ends</title>
|
|
<para>Those deploying MySQL or PostgreSQL are advised to refer to existing security guidance. Some references are listed below:</para>
|
|
<para>MySQL:</para>
|
|
<itemizedlist><listitem>
|
|
<para><link xlink:href="https://www.owasp.org/index.php/OWASP_Backend_Security_Project_MySQL_Hardening">OWASP MySQL Hardening</link></para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><link xlink:href="http://dev.mysql.com/doc/refman/5.5/en/pluggable-authentication.html">MySQL Pluggable Authentication</link></para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><link xlink:href="http://downloads.mysql.com/docs/mysql-security-excerpt-5.1-en.pdf">Security in MySQL</link></para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
<para>PostgreSQL:</para>
|
|
<itemizedlist><listitem>
|
|
<para><link xlink:href="https://www.owasp.org/index.php/OWASP_Backend_Security_Project_PostgreSQL_Hardening">OWASP PostgreSQL Hardening</link></para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><link xlink:href="http://www.ibm.com/developerworks/opensource/library/os-postgresecurity">Total security in a PostgreSQL database</link></para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
</chapter>
|