Consider MySQL backend for events #5859
Labels
feature-request
Used for new features in Teleport, improvements to current should be #enhancements
Comments
klizhentas
added
the
feature-request
|
Note: we also might want to consider an API/plugin based approach if we want to use a shared database in the cloud. IE, bootstrap an API infront of the underlying DB that is based on mTLS and does all enforcement and audit of a tenant is only able to reach their own data via a limited set of API calls (gRPC/mTLS for example) that bridges to the SQL database and does all enforcement of data. IIRC, mysql had some security issues a couple years ago where mysql client by design could do some arbitrary processing server side (I think it was writing a temp file or something weird like that to the server). Not just that though, supporting SQL as a protocol and using database RBAC may have some surface area concerns in the security model. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What
Consider MySQL backend for events. Related to problems expressed in #5435 and #5858
MySQL drivers for backend will allow us to try AWS Aurora or PingCAP TiDB multicloud version
The text was updated successfully, but these errors were encountered: