System News
Securing MySQL in a Chrooted Environment: A How-to
Zone and Crossbow Deliver a Higher Level of Security
January 7, 2010, Volume 143, Issue 1

A higher level of security for MySQL through chrooting

Chrooting is a technique commonly used to isolate MySQL at the file-system level: a separate, minimal operating-system disk image is built for the application, improving system and application security by giving it a higher degree of isolation. Thierry Manfe has written a how-to that goes a step further, using the zone and Crossbow virtualization technologies that ship with OpenSolaris to reach the next level of isolation.

With this approach, Manfe writes, he can cap the physical resources (RAM, CPU) that an application is allowed to consume, and isolate the application not only at the file-system level but also at the network level by giving the zone its own virtual NIC (vnic), which in turn has its own MAC and IP addresses. The vnic's bandwidth can also be capped, Manfe writes.

The article illustrates both the setup just described and the stronger network isolation that results from placing the application on a separate virtual network. Manfe notes that Crossbow provides better defense against denial-of-service (DoS) attacks by virtualizing the network stack and NIC around any service (HTTP, HTTPS, FTP, NFS, etc.), protocol or zone.

Each virtual stack can be assigned its own priority and bandwidth on a shared NIC without causing any performance degradation. This architecture protects against attacks directed at a particular service or virtual machine by confining the impact to that entity alone. Manfe links to further details about Crossbow's features.

The steps in Manfe's process include the following:

  • Creating a Virtual NIC for the Chrooted Environment
  • Creating a Zone to be used as a Chrooted Environment
  • Configuring the Zone OS
  • Installing MySQL
  • Moving to a Complete Virtual Network
  • Re-configuring the Zone OS

Screen shots and code samples accompany each of the stages.
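Manfe's procedure, as an added example that is not code from the article: a shell script that emits the OpenSolaris dladm and zonecfg commands for the vnic and zone steps, with the bandwidth, RAM and CPU caps the summary mentions (every link, zone and cap value here is an assumption, not taken from the article).

```shell
#!/bin/sh
# Added example, not code from Manfe's article: the vnic + zone build-out his
# how-to walks through, as OpenSolaris dladm(1M)/zonecfg(1M)/zoneadm(1M) commands.
# Every name and cap value below is an assumption, not a value from the article.
PHYS_NIC="${PHYS_NIC:-e1000g0}"   # physical link the vnic hangs off (assumed)
ETHERSTUB="${ETHERSTUB:-}"        # set to e.g. vswitch0 for the all-virtual network
ZONE="${ZONE:-mysqlzone}"         # the zone that acts as the chroot (assumed name)
VNIC="${VNIC:-mysql0}"            # the zone's own NIC, with its own MAC (assumed)
MAXBW="${MAXBW:-100M}"            # bandwidth cap on the vnic (assumed value)
MEM="${MEM:-512m}"; NCPUS="${NCPUS:-1}"   # RAM and CPU caps (assumed values)
# Steps 1 and 5: the vnic, on the physical NIC or (ETHERSTUB set) on a software
# switch that never touches hardware; random MAC by default, maxbw caps the link.
vnic_commands() {
    link="$PHYS_NIC"
    if [ -n "$ETHERSTUB" ]; then
        echo "dladm create-etherstub $ETHERSTUB"
        link="$ETHERSTUB"
    fi
    echo "dladm create-vnic -l $link $VNIC"
    echo "dladm set-linkprop -p maxbw=$MAXBW $VNIC"
}
# Step 2: the zone. ip-type=exclusive gives it its own IP stack on the vnic (the
# address is set from inside the zone); capped-memory/capped-cpu bound what MySQL
# can consume, so a runaway query cannot starve the global zone.
zonecfg_script() {
    cat <<EOF
create
set zonepath=/zones/$ZONE
set ip-type=exclusive
add net
set physical=$VNIC
end
add capped-memory
set physical=$MEM
end
add capped-cpu
set ncpus=$NCPUS
end
commit
EOF
}
# Steps 3-4 (zone OS setup, MySQL install) follow on the zone console. Only run
# apply as root on OpenSolaris; by default the script just prints the plan.
apply() {
    vnic_commands | sh -e
    tmp=$(mktemp) || exit 1
    zonecfg_script > "$tmp" && zonecfg -z "$ZONE" -f "$tmp"; rm -f "$tmp"
    zoneadm -z "$ZONE" install && zoneadm -z "$ZONE" boot
}
if [ "${APPLY:-0}" = 1 ]; then apply; else vnic_commands; zonecfg_script; fi
```

Run with `APPLY=1` as root on the OpenSolaris host to execute the plan; set `ETHERSTUB=vswitch0` to build the zone on a fully virtual network instead of the physical NIC.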

More Information

MySQL Performance in Virtualization Environment on xVM Hypervisor

Some Best Practices for Secure Use of MySQL on the Web

Virtualization for MySQL on VMware: Best Practices and Performance Guide

