Has there been any progress in securing Hyperdrive? (sorry - wrote this before seeing the post indicating there are no static IPs yet)
I know Cloudflare has deemed Hyperdrive "production ready", but it is unusable in its current state for anything more than a sandbox... and certainly not anything targeting the enterprise. The restriction to open 0.0.0.0/0 is a widely known security vulnerability. I did this (since there was no other way), and instantly regretted it. Within a day, my Google Cloud SQL server was hammered with connections attempting to gain access... enough so that the small-scale test DB instance I had was shut down for memory consumption (deemed underprovisioned... when there was literally one record getting 5 requests/day in the tiny DB). Google has plenty of ways to secure the DB, but Cloudflare is essentially requiring users to bypass these mechanisms.
I know Neon, PlanetScale, & Supabase are supported... but just supporting Guillermo Rauch-backed startups is not enough to call it "production ready". Contrary to what has been stated, most databases are NOT publicly accessible. Only managed service providers do this, and even those have the ability/recommendation to add security rules limiting connections. I mention this because it was one of the arguments made in favor of allowing 0.0.0.0/0 a few months ago in this thread.
I'd really love to use Hyperdrive. While my servers were left alone, it seemed great. However, this is a deal-breaker if it's going to put my other infrastructure in jeopardy. If there's anything I can do to help, I'd be happy to.
@AJR - is the pool of IPs for warp accessible? If we can restrict by that, it would be a start.
cc @Matt
