Debug Reveals IP Address

Status
Not open for further replies.

bjm

Chevereto Member
Hi all,

We recently had an issue whereby our production database cluster went down for a short period of time.

I noticed in the debug that it reveals the IP address of the DB Server that Chevereto is trying to connect to, which is a little bit of a security risk.

Luckily our DB is contacted over VPN, so the IP means very little; however, it could be a security risk for others.
 
I don't see how hiding an IP could be a security measure. The real security measure will be to only accept a certain range or defined IP addresses to connect to that host. I think that you are seeing this thing from the wrong side.

The G\ tracer also hides the full system paths (which is also something not related to security at all) but some say that it helps, but for me it isn't that.
 
Rodolfo,

We implement a large range of security measures for our database clusters. However there are several reasons in which the IP Address should not be revealed to the public.

1. There is just no need.... The sysadmin will know the IP, why do the public need to know this?
2. DDOS attacks. Use CloudFlare to protect yourself, until Rodolfo's script reveals your backend IPs.
3. Security through obscurity. I know this is not widely seen as a great way of security, but any way to make it as hard as possible to learn how someone's infrastructure is set up, makes it harder to be compromised.

These are just a few reasons, there are many more.
 
I tested like 10 different MySQL servers and I never got the IP of the target database server in the tracer. The only thing I got was the name of the local machine (peer) and errors like "access denied", "refused connection", etc.

I don't see your point, unless you show me the tracer I can't do much about it.
 
As requested. Enjoy.


9b869049a601243d5226de9645e6dac1.png
 
This is an internal IP address as it connects over a secure VPN to the DB so it won't be of much use to you.
 
Internal IPs start with 192, not with 10. I need the 10.x.x.x IP because every IP I tried doesn't output the target IP in the fatal error thing.
 
Anyway. This is not a bug.

I will add a debug_level config for v3.6.3 that will basically turn on/off print and debug errors but I won't alter the messages displayed by MySQL. I think that a debug level will help with this and with any issue related.
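
One way a debug-level switch like the one discussed in this thread can keep the MySQL driver message (which may contain the database host or IP) out of public responses while still recording it for the administrator. This is an added example, not Chevereto's code and not written by anyone in the thread; `DEBUG_LEVEL`, `handle_fatal` and `connect_db` are hypothetical names, and the DSN and credentials are constructed sample values.

```php
<?php
// Added example: DEBUG_LEVEL, handle_fatal() and connect_db() are hypothetical names.
declare(strict_types=1);

// 0 = production: visitors get a generic message; 1 = development: message shown on screen.
const DEBUG_LEVEL = 0;

function handle_fatal(Throwable $e): void
{
    // Short random reference so a visitor's report can be matched to the log entry.
    $ref = bin2hex(random_bytes(4));

    // The unmodified driver message (host/IP included) goes to the server log only.
    error_log(sprintf(
        '[%s] %s: %s in %s:%d',
        $ref, get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()
    ));

    if (PHP_SAPI !== 'cli' && !headers_sent()) {
        http_response_code(503);
        header('Content-Type: text/plain; charset=utf-8');
    }

    if (DEBUG_LEVEL > 0) {
        // Development: show the driver message as-is.
        echo $e->getMessage(), "\n";
    } else {
        // Production: nothing about the backend topology leaves the server.
        echo "Service temporarily unavailable. Reference: {$ref}\n";
    }
}

set_exception_handler('handle_fatal');

function connect_db(string $dsn, string $user, string $pass): PDO
{
    // ERRMODE_EXCEPTION turns later query failures into exceptions that reach
    // the same handler; the short timeout avoids a long hang when the DB is down.
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_TIMEOUT => 2,
    ]);
}

// Constructed sample: 192.0.2.10 is a documentation-only address, so this
// connection fails and the uncaught PDOException is routed to handle_fatal().
$db = connect_db('mysql:host=192.0.2.10;dbname=app', 'app', 'constructed-password');
```

With `DEBUG_LEVEL` at 0 the visitor sees only the reference code; the administrator looks that code up in the PHP error log to read the full MySQL message.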
 