Does anyone know how to go about encrypting a Cloud Foundry service? I have a PostGreSQL database that runs as a service and I need to encrypt at rest. My understanding is that I should encrypt the whole filesystem, however I’m not sure how to go about doing that.
Haven’t tried anything yet.
Related
So I possibly have a dumb question about MongoDB hosting. I'm learning the MERN stack and can't figure out how to host my app. Most of the tutorials I've seen use Heroku I believe, but it's just yet another service or thing to learn or manage. I've used Postman to verify the code works. And yes I've googled this, which only confused me more.
I have several Dreamhost domains, but can't find much info on using it to host MongoDB. Is it possible to use my current host or do I HAVE to point the DNS or whatever to another server/service, or just plain move my domain to a different provider?
Also, I've got a client/front-end directory and an api/server directory in my root folder. Is that standard practice, do I need to upload them to different hosts, merge them or what? I cannot for the life of me get the backend to work.
Edit/Update:Thank you for the response! Sorry im just now answering. It was a crazy week. The code itself works. I built a portfolio blog with a login/register system with express/mongodb to store users and posts. ALL my domains are on dreamhost and didn't want to spread out service providers if I could help it. I've built websites with PHP and SQL on there and it was easy. But from what I could find out MongoDB cannot be used on dreamhost servers. I ended up using heroku, which worked, although I haven't been able to point my DNS from my dreamhost domain to it yet. Currently it has a domain name of ***.herokuapp.com and is hosted on heroku. So that's where my problem is now, but still want to figure understand the why and how a little better. How is MongoDB different from SQL other than the relational aspect and why does it need something like heroku as opposed to dreamhost or blue host or godaddy?
So first thing first, you should know that MongoDb is hosted on an OS, now that can be your own system, cloud server or a service provider.
Domain name are nothing but just a pointer to your actual server. So you have to host your MondoDb somewhere, whether that be a service like Mongo Atlas or you have to spin up your own server on digitalocean, AWS, gcp etc.
For that need to see what are you actually doing, can't comment without having a look at your code. If you not comfortable sharing all the code online. You can personally chat with me.
I've created one instance on Google Cloud with PostgreSql and I've connected the data studio with this database adding all the addresses specified in white list specified at link below
[https://support.google.com/datastudio/answer/7288010?hl=en]
With that solution I have to open access to my database to a lot of addresses. And this issue, associated to the fact that SSL is not supported is
a big lack of security.
Is there any different way to use google data studio for reports?
Maybe using CloudSqlProxy and considering google data studio as an external application from the GC environment?
Thanks for cooperation
Michele
I am assuming you are concerned about data being exposed due to the lack of support for SSL. Though that is a valid concern in a lot of cases, for your specific use case, it should not matter:
All the ip addresses that you have to whitelist here are Google Server/infrastructure addresses.
Data Studio as an application runs on Google's servers. So the communication between Google Cloud SQL and Google Data Studio will be entirely within Google's network. Even if it is not SSL, that traffic should not be exposed to outside world.
The connection between any client computer (where report is being viewed) and Data Studio will always be HTTPS.
However, if you still want to have an SSL connection, you can create a Community Connector in Apps Script that uses the JDBC service to connect to databases using SSL.
Try using client.key in both client fields.
The solution posted below helped here,
https://support.google.com/datastudio/thread/8739014?hl=en
I'm trying to apply security best practices to an AWS RDS postgresql instance, but Amazon seems to have gone out of its way to prevent some fairly common and routine features around authentication. I don't seem to be able to authenticate against any external source, which sucks, since now I have to maintain db users completely separately from normal user management. But it seems that, despite the fact that I can use SSL to connect, none of the functionality that might actually validate a client's cert against the server's CA is accessible in RDS. Is this true? It seems like the easiest thing in the world to have amazon sign certs with it CA and then validate those certs against that CA when connections are established, yet I cannot find any mention of how to do it in the documentation or out on the web. Am I really confined ONLY to password authentication of db-internal users? This is almost hard to believe, but after days of research, is the only conclusion I have been able to support.
I have a web app that I have built and am hosting with my own provider. I am wanting to connect this to a Google Cloud SQL database. What is the best way to do this?
I spoke with my hosting provider and they stated that they have no IP addresses / ranges they can give me to setup with GCSQL.
Any help on this would be appreciated. Sorry if this questions is completely simple and not complicated at all.
Connect using the instance IP address provided by Google Cloud SQL (link). Be sure to use SSL.
I'm just confused on how CloudFoundry exactly works.
So if I create a service, will it be hosted on their cloud and I can expect it to run indefinitely?
Yes, CloudFoundry will host your service and it will run as long as they are up, but to access it you must bind the service to an app.
The concept of service in Cloud Foundry is quite open, it can refer to an app running in CF or outside, e.g. somewhere on the local network or on AWS or anywhere else.
I recently wrote a blog entry about how you can turn an existing app into a CF service, you might find it useful.