- 快召唤伙伴们来围观吧
- 微博 QQ QQ空间 贴吧
- 文档嵌入链接
- 复制
- 微信扫一扫分享
- 已成功复制到剪贴板
Securing Access to Facebook's Databases
自从开始,Facebook就使用了一个常规的使用者/密码,以确保安全的存取到MySQL实例。在过去几年中,我们一直在努力争取X509 TLS客户证书认证连接。给脸书上的许多语言和系统类型,在某种方式上使用神秘——这就需要一大批的变换队伍。
这是一个部分技术综述,我们的新解决方案是如何工作的,一部分艰难的学习作弊,让整个公司在神秘的客户图书馆下改变自己。
展开查看详情
1 . Securing Access to Facebook's Databases A multi-year journey presented by Andrew Regner
2 . Securing Access to Facebook's Databases
3 .Words
4 .Words
5 .Words
6 .Words
7 .MySQL Security c. 2004
8 .MySQL Security c. 2015
9 .Know how x509 works?
10 .x509 - pub/priv
11 .x509 - signing
12 .x509 - handshake
13 .The ACLs
14 .The ACLs
15 .The ACLs
16 .Client Identities
17 .Life of a Connection
18 .Life of a Connection
19 .Life of a Connection
20 .Life of a Connection
21 .Life of a Connection
22 .Life of a Connection
23 .+-----------------------------------------------------------------------------------------------------------+ | Grants for readonly:xdb@% | +-----------------------------------------------------------------------------------------------------------+ | GRANT SELECT, SHOW VIEW ON `potatoes_17`.* TO 'readonly:xdb'@'%' REQUIRE SUBJECT '/CN=mysql:readonly:xdb' | +-----------------------------------------------------------------------------------------------------------+
24 .Generating Grants - shards +-----------------------------------------------------------------------------------------------------------+ | Grants for readonly:xdb@% | +-----------------------------------------------------------------------------------------------------------+ | GRANT SELECT, SHOW VIEW ON `potatoes_17`.* TO 'readonly:xdb'@'%' REQUIRE SUBJECT '/CN=mysql:readonly:xdb' | +-----------------------------------------------------------------------------------------------------------+
25 .Generating Grants - universal
26 .SSL Problems at Scale
27 .SSL Problems at Scale
28 .SSL Problems at Scale
29 .SSL Problems at Scale