Not the answer you need?
Register and ask your own question!

About PMM security problem.

bckimbckim ContributorCurrent User Role Beginner
hi,


I've installed pmm-latest version.

but there is some security issue.


pmm db user has too many privilege in database. (including select all data / super)

and pmm db user's password is in pmm.yml

so it could be dangerous.


how could I solve this security problem?

could we use incrypt the pmm.yml file?


thanks,

Comments

  • PeterPeter Percona CEO Percona Moderator Role
    The situation with PMM is no different with any other application/script you chose to run on your server. It needs to have the password and in vast majority of the cases it will be stored in the config file.

    pmm configuration files are only accessible by "root" user which will protect credentials from being accessed by other users.

    You can also use file system level encryption if your policies prevent you from having any passwords stored in the plain text.

    In terms of PMM permissions - you can revoke certain privileges but when some functionality will become unavailable. For example SELECT you mention is needed for PMM to be able to run EXPLAIN on the queries.
Sign In or Register to comment.

MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright ©2005 - 2020 Percona LLC. All rights reserved.