The Question
Recently, a customer asked us:
We were wondering if the Connectors would be able to bind to
localhost/127.0.0.1
instead of0.0.0.0:3306
? Since the Connector is installed on the application servers, all of the connections are coming fromlocalhost
. We would like to limit this exposure so that the3306
port is not exposed externally. We ask because we are failing PCI checks that are able to access the database port externally.
The Answer
YES!
You may set the IP address for the Connector to listen on by using the tpm
command option: property=server.listen.address={IP_ADDRESS}
To force the Connector to listen on the localhost only use the following example:
shell> tools/tpm configure alpha --property=server.listen.address=127.0.0.1
shell> tools/tpm update --replace-release
Use the IP address instead of the hostname to prevent DNS or /etc/hosts
lookups.
For more information about configuring the Connector IP address, please visit the docs page at https://docs.continuent.com/tungsten-clustering-6.0/connector-advanced-listen-address.html
Summary
The Wrap-Up
In this blog post we discussed one way to configure the Tungsten Connector for PCI Compliance.
To learn about Continuent solutions in general, check out https://www.continuent.com/solutions
The Library
Please read the docs!
For more information about configuring the Connector IP address, please visit the docs page at https://docs.continuent.com/tungsten-clustering-6.0/connector-advanced-listen-address.html
For more information about Tungsten clusters, please visit https://docs.continuent.com.
Tungsten Clustering is the most flexible, performant global database layer available today - use it underlying your SaaS offering as a strong base upon which to grow your worldwide business!
For more information, please visit https://www.continuent.com/solutions
Want to learn more or run a POC? Contact us.
Comments
Add new comment