[Topaz-dev] Mulgara Security
Russell Uman
ruman at plos.org
Wed Mar 12 14:38:10 PDT 2008
Does mulgara currently have, or will it have in a future release, any way to
restrict access with some kind of password auth?
It strikes me that currently anyone who manages to get a shell on a machine that
can connect to mulgara (mulgara server itself, any pubapp, *and* the backup
server in our current implementation) can connect and run random itql queries
with no restriction if they are familiar with mulgara.
having come to this realization, i can make the current set up a little more
secure by getting rid of the connection from backup server to mulgara, but it's
still a little scary...
More information about the Topaz-Dev
mailing list