Would it be possible to set up a MySQL cluster such that some participants have read-only access, and others have full admin access to the database?
The read-only participants would not be able to Create Table, Insert, Update, Drop, Delete, etc. But they would still receive and propagate updates made from the write-access participants.
From what I understand, when someone has your ipfs/p2p service_discovery_id
and service_command_topic
, they have full admin access to the database depending on the local MySQL User rights. So all nodes in the network must be trusted not to abuse the system.
Say, instead, we make two p2p IceFire-Proxy clusters: one service_discovery_id/_topic
for the Writers, and another combo for the read-only access.
And then we set up both zones to the same local MySQL database, only using different MySQL local accounts with different access: a readonly
user and the normal root
user.
Any suggestions on how to hook up some rudimentary access control with the SQL Proxy?
Questions:
- Could the SQL Proxy pick up and publish changes made directly on the MySQL local db by another SQL Proxy instance in real time? Would we need to add triggers?
- What happens if the SQL Proxy receives a database error from the local node (say, from access denied)? Will it propagate the request anyway to the next nodes?
- What happens if the node receives an abusive SQL query that creates a database error from someone else? Will that be propagated to all participants too?
Thanks!
I now see that the Redis proxy has all commands configured as either read
or write
commands here: https://github.com/search?q=repo%3AIceFireDB%2FIceFireDB%20AddReadCommand&type=code
Say we abandon SQL and want to use Redis for this instead.
Could this system be used to check that Write commands only come from allowed nodes?