voiprodrigo

Scenario

-------------       ----------------       ---------
| Browser   |<----->| Apache httpd |<----->| Qlik  |
|           |  SSL  |     2.4.9    |  SSL  | Sense |
-------------       ----------------       ---------

voiprodrigo

-- show running queries (pre 9.2)
SELECT procpid, age(query_start, clock_timestamp()), usename, current_query 
FROM pg_stat_activity 
WHERE current_query != '<IDLE>' AND current_query NOT ILIKE '%pg_stat_activity%' 
ORDER BY query_start desc;

-- show running queries (9.2)
SELECT pid, age(query_start, clock_timestamp()), usename, query 
FROM pg_stat_activity 
WHERE query != '<IDLE>' AND query NOT ILIKE '%pg_stat_activity%' 

voiprodrigo

goal
----

The goal is send syslog traffic to a remote host and use unpriviledged ports;
so that I can have my logstash (http://logstash.net/) server not need to
run as root. On vSphere 5.1, tcp 1514 is covered by the syslog rule, but
in my case udp is preferred.

installation
------------

voiprodrigo

Our goal is to save sensitive data in a MySQL database in a responsible way, and be able to read/write it programmatically in a PHP web application. Asymmetric encryption would be best, but is not practical here. Symmetric encryption with a strong algorithm and hard-to-guess cipher is acceptable, but not if we store the cipher in plain text on the same server where the database credentials also live in plain text!

This work-in-progress is subject to change if/when I come up with a better scheme, but for now, the plan is to:

• store the cipher as a vault secret;
• configure TLS authentication so that our PHP application can log in, and then
• create a token that allows its bearer to read the secret (our cipher);
• use a PHP component and our cipher to encrypt/decrypt our sensitive data.