ProxySQL Firewall Overview
ProxySQL’s flexible query rules engine has many uses, from Read/Write splitting, sharding and even creating firewall blacklist. This allows ProxySQL to be loved by both Performance and Security-minded engineers.
Starting in ProxySQL 2.0.9, ProxySQL has another Security feature: the Firewall Whitelist.
Modeled on MySQL Enterprise Firewall, this allows a security-conscious administrator to tune access to only allow certain queries.
Imagine a situation where your webapp gets hacked, which exposes your user’s database credentials.
If your webapp connects directly to the database, the malicious user can do what they want to your data with the same permissions your webapp has.
So perhaps they can’t just DROP TABLE because you’ve smartly removed DDL permissions …[Read more]