Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
I
ISPConfig 3
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 479
    • Issues 479
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 21
    • Merge Requests 21
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • ISPConfig
  • ISPConfig 3
  • Issues
  • #2130

Closed
Open
Opened Aug 17, 2012 by Antal@antal

mysql database security with multiple servers

The security for the multiple server scenario should be reviewed/discussed. When adding a new server to ISPConfig it gets full access to the main ISPConfig database including all other databases. If the new server is compromised the whole ISPConfig configuration is in danger including all other servers.

In our setup we've got one more secure main server with the ISPConfig interface/database and websites build by us. On the second server we have websites that are maintained by clients, FTP access and phpMyadmin access. Somewhat less secure then the main.

My idea is that all other servers should talk to ISPConfig via an API that only offers the needed information. If I don't have e-mail setup on the other server it should be able to retrieve encrypted passwords and other e-mail configuration. Another solution would be to let the main server push settings to the client servers, but this results in more traffic and possible errors I guess.

What do you think? Maybe there is another way to get the setup more secure?

Assignee
Assign to
3.3
Milestone
3.3
Assign milestone
Time tracking
None
Due date
None
Reference: ispconfig/ispconfig3#2130