ProxySQL Firewall Overview
ProxySQL’s flexible query rules engine has many uses, from
Read/Write splitting, sharding and even creating firewall
blacklist. This allows ProxySQL to be loved by both Performance
and Security-minded engineers.
Starting in ProxySQL 2.0.9, ProxySQL has another Security
feature: the Firewall Whitelist.
Modeled on MySQL Enterprise Firewall, this allows a
security-conscious administrator to tune access to only allow
certain queries.
Imagine a situation where your webapp gets hacked, which exposes
your user’s database credentials.
If your webapp connects directly to the database, the malicious
user can do what they want to your data with the same permissions
your webapp has.
So perhaps they can’t just DROP TABLE because you’ve
smartly removed DDL permissions …
[Read more]