[prev in list] [next in list] [prev in thread] [next in thread]
List: wsas-java-dev
Subject: Re: [Dev] What is the reason for recommending to use two different databases for registry and user m
From: Senaka Fernando <senaka () wso2 ! com>
Date: 2013-12-28 8:57:15
Message-ID: CAPniqXJcy-4Xh_rnLM+KSbeE-CPTG8q7CxZqkf+jjgS9503Ukw () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi Isuru,
To me the main reason is the improved security in having these separate. A
potential breach into either will not impact the other.
The next reason is also related to security but also simplifies management
(i.e. replication, back-up-and-restore etc.) as well. That is when you
federate the registry or the user permission store - they might be done in
different ways. Having these two separate databases makes it easier to
share only what you want, instead of making everything available always.
Given the good habit of not overloading a single server, a shared
connection pool wouldn't harm most standalone production deployments, but
if you have multiple tenants etc, its is good practice to separate these as
Amila pointed out. Because the access patterns of the registry and UM are
not the same, having separate pools improves performance.
Thanks,
Senaka.
On Mon, Dec 23, 2013 at 10:53 AM, Amila Maha Arachchi <amilam@wso2.com>wrote:
> Hi Isuru,
>
> Several reasons which I can think of.
>
> 1. Same DB Connection pool will be used if you go with single database.
> This can affect userstore operations or registry operations if the load to
> one becomes high (say the registry invocations increases, userstore
> operations might get affected).
>
> 2. There's also a good practice to create two separate DB users (userstore
> user and registry user) and grant permission for them to only access the
> necessary database. This is good for security as well.
>
> 3. It is nice to separate these two :). Ideally what I do is, create two
> databases. When doing this, I get the original script and remove the
> unwanted tables and create two separate scripts (registry.sql and
> userstore.sql)
>
> Regards,
> AmilaM.
>
>
> On Sun, Dec 22, 2013 at 3:35 AM, Isuru Perera <isurup@wso2.com> wrote:
>
>> Hi,
>>
>> $subject?
>>
>> It's mentioned in docs [1].
>>
>> I believe we can use the same database. We also use the same script to
>> create databases for Registry and User Manager.
>>
>> I would like to know the reasons?
>>
>> Thanks!
>>
>> Best Regards,
>>
>> [1] http://docs.wso2.org/pages/viewpage.action?pageId=29918203
>>
>> --
>> Isuru Perera
>> Senior Software Engineer | WSO2, Inc. | http://wso2.com/
>> Lean . Enterprise . Middleware
>>
>> about.me/chrishantha
>>
>> _______________________________________________
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Amila Maharachchi*
> Senior Technical Lead
> WSO2, Inc.; http://wso2.com
>
> Blog: http://maharachchi.blogspot.com
> Mobile: +94719371446
>
>
> _______________________________________________
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
--
* <http://us13.wso2con.com/> *
*Senaka Fernando*
Senior Technical Lead; WSO2 Inc.; http://wso2.com
* Member; Apache Software Foundation; http://apache.org
<http://apache.org>E-mail: senaka AT wso2.com <http://wso2.com>**P: +1 408
754 7388; ext: 51736*;
*M: +94 77 322 1818 Linked-In: http://linkedin.com/in/senakafernando
<http://linkedin.com/in/senakafernando>*Lean . Enterprise . Middleware
[Attachment #5 (text/html)]
<div dir="ltr"><div><div>Hi Isuru,<br><br></div>To me the main reason is the improved \
security in having these separate. A potential breach into either will not impact the \
other.<br><br>The next reason is also related to security but also simplifies \
management (i.e. replication, back-up-and-restore etc.) as well. That is when you \
federate the registry or the user permission store - they might be done in different \
ways. Having these two separate databases makes it easier to share only what you \
want, instead of making everything available always.<br>
<br></div><div>Given the good habit of not overloading a single server, a shared \
connection pool wouldn't harm most standalone production deployments, but if you \
have multiple tenants etc, its is good practice to separate these as Amila pointed \
out. Because the access patterns of the registry and UM are not the same, having \
separate pools improves performance.<br>
<br></div><div>Thanks,<br>Senaka.<br></div></div><div \
class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Dec 23, 2013 at 10:53 \
AM, Amila Maha Arachchi <span dir="ltr"><<a href="mailto:amilam@wso2.com" \
target="_blank">amilam@wso2.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr"><div>Hi Isuru,<br><br></div><div>Several \
reasons which I can think of.<br><br></div><div>1. Same DB Connection pool will be \
used if you go with single database. This can affect userstore operations or registry \
operations if the load to one becomes high (say the registry invocations increases, \
userstore operations might get affected).<br>
<br></div><div>2. There's also a good practice to create two separate DB users \
(userstore user and registry user) and grant permission for them to only access the \
necessary database. This is good for security as well.<br>
<br></div><div>3. It is nice to separate these two :). Ideally what I do is, create \
two databases. When doing this, I get the original script and remove the unwanted \
tables and create two separate scripts (registry.sql and userstore.sql) <br>
<br></div><div>Regards,<br>AmilaM.<br></div></div><div \
class="gmail_extra"><br><br><div class="gmail_quote"><div><div class="h5">On Sun, Dec \
22, 2013 at 3:35 AM, Isuru Perera <span dir="ltr"><<a \
href="mailto:isurup@wso2.com" target="_blank">isurup@wso2.com</a>></span> \
wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px \
#ccc solid;padding-left:1ex"><div><div class="h5"><div \
dir="ltr"><div><div><div><div><div>Hi,<br><br></div>$subject?<br><br></div>It's \
mentioned in docs [1].<br>
<br>
</div>I believe we can use the same database. We also use the same script to create \
databases for Registry and User Manager.<br>
<br></div><div>I would like to know the \
reasons?<br></div><div><br></div>Thanks!<br><br></div>Best \
Regards,<br><div><div><div><br>[1] <a \
href="http://docs.wso2.org/pages/viewpage.action?pageId=29918203" \
target="_blank">http://docs.wso2.org/pages/viewpage.action?pageId=29918203</a><span><font \
color="#888888"><br clear="all">
<div><div><div><div><div><br>-- <br><div dir="ltr"><span \
style="color:rgb(102,102,102)"><font><span \
style="font-family:arial,helvetica,sans-serif">Isuru Perera<br>Senior Software \
Engineer | WSO<font>2,</font> Inc. | <a href="http://wso2.com/" \
target="_blank">http://wso2.com/</a><br>
Lean . Enterprise . Middleware<br></span></font></span><br><a \
href="http://about.me/chrishantha" target="_blank">about.me/chrishantha</a></div> \
</div></div></div></div></div></font></span></div></div></div></div> \
<br></div></div>_______________________________________________<br> Dev mailing \
list<br> <a href="mailto:Dev@wso2.org" target="_blank">Dev@wso2.org</a><br>
<a href="http://wso2.org/cgi-bin/mailman/listinfo/dev" \
target="_blank">http://wso2.org/cgi-bin/mailman/listinfo/dev</a><br> \
<br></blockquote></div><span class="HOEnZb"><font color="#888888"><br><br \
clear="all"><br>-- <br><div dir="ltr"><font size="1"><b><font><span \
style="color:rgb(153,153,153)">Amila Maharachchi</span></font></b><br \
style="color:rgb(153,153,153)">
<span style="color:rgb(153,153,153)">Senior Technical Lead<br>
</span></font><font color="#888888"><font face="verdana, sans-serif"><span \
style="font-size:x-small"><span style="font-family:arial;font-size:small"><span \
style="font-size:x-small">WSO2, Inc.; </span><a href="http://wso2.com/" \
target="_blank"><span \
style="font-size:x-small">http://wso2.com</span></a></span></span></font><span \
style="font-size:x-small"><br>
<br>Blog: <a href="http://maharachchi.blogspot.com" \
target="_blank">http://maharachchi.blogspot.com</a> <br>Mobile: <a \
href="tel:%2B94719371446" value="+94719371446" \
target="_blank">+94719371446</a><br><br></span></font></div>
</font></span></div>
<br>_______________________________________________<br>
Dev mailing list<br>
<a href="mailto:Dev@wso2.org">Dev@wso2.org</a><br>
<a href="http://wso2.org/cgi-bin/mailman/listinfo/dev" \
target="_blank">http://wso2.org/cgi-bin/mailman/listinfo/dev</a><br> \
<br></blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr"><div><b \
style="font-family:garamond,serif"><a href="http://us13.wso2con.com/" \
target="_blank"><img \
src="http://b.content.wso2.com/newsletter/images/wso2con2013-usa-mailsignature.jpg" \
width="200" height="53"></a><br>
</b></div><div><b style="font-family:garamond,serif"><br></b></div><div><b \
style="font-family:garamond,serif">Senaka Fernando</b></div><span \
style="font-family:garamond,serif;color:rgb(51,51,51)"><font size="1">Senior \
Technical Lead; </font></span><span \
style="font-family:garamond,serif;color:rgb(51,51,51)"><font size="1">WSO2 Inc.; <a \
href="http://wso2.com" target="_blank">http://wso2.com</a></font></span><i \
style="font-family:garamond,serif;color:rgb(51,51,51)"><font size="1"><br>
Member; Apache Software Foundation; <a href="http://apache.org" \
target="_blank">http://apache.org</a><br><br>E-mail: senaka AT <a \
href="http://wso2.com" target="_blank">wso2.com</a><br></font></i><i \
style="font-family:garamond,serif;color:rgb(51,51,51)"><font size="1">P: +1 408 754 \
7388; ext: 51736</font></i>; <i \
style="font-family:garamond,serif;color:rgb(51,51,51)"><font size="1">M: +94 77 322 \
1818<br>
Linked-In: <a href="http://linkedin.com/in/senakafernando" \
target="_blank">http://linkedin.com/in/senakafernando</a><br><br></font></i><span \
style="font-family:garamond,serif;color:rgb(51,51,51)"><font size="1">Lean . \
Enterprise . Middleware</font></span><br>
</div>
</div>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic