search

OpenMage / magento-lts

Official OpenMage LTS codebase | Migrate easily from Magento Community Edition in minutes! Download the source code for free or contribute to OpenMage LTS | Security vulnerability patches, bug fixes, performance improvements and more.
https://www.openmage.org
Open Software License 3.0
868 stars 436 forks source link

Separate admin and front-end database users for monitoring and security #2870

Open loekvangool opened 1 year ago

loekvangool commented 1 year ago

Description

While monitoring OpenMage with logging/APM/slowlog tooling, I'm finding it necessary to distinguish between admin and frontend database access. For example, I'm much more interested in front-end slow queries than admin slow queries. However it's not possible to separate these two traffic flows from the database server logs. Changing the database user uses seems to be an elegant solution.

Expected behavior

Maybe we should extend core_read and core_write with admin_read and admin_write? I'm not sure how feasible it would be, but I know that core_read is optional and therefore there already is a fallback mechanism in OpenMage's PDO implementation.

On top of this, it allows tighter database authorizations for the front-end database user, e.g. the front-end probably does not need CREATE, DROP or TRUNCATE authorizations, limiting the impact of a security breach.

elidrissidev commented 1 year ago

Hey @loekvangool, I've opened a PR to add this feature. Can you test it and let me know if everything is good?

loekvangool commented 1 year ago

@elidrissidev Thanks for your quick work on this. It did seem like a good solution, but @Flyingmana 's is right about the trouble with emulation. The proposed solution with webserver variables is OK for me too, although not as elegant.