In talking through ways we could make extracting sensitive data from the cluster harder for an attacker, segmenting the data for private wikis seemed like a potential project.
The rough idea would be,
- Move private wikis to a dedicated group of app servers, those app servers can hold a different set of db/cache credentials
- Point private wikis at their own redis/memcache servers
- Move private wikis to a new database cluster
- Limit network connections to caching / db servers to the set of dedicated app servers
Joe thought the varnish setup to direct private wikis to their own app servers wouldn't be too difficult. @Springle, do you know roughly how much work setting up a new db cluster would be, if we decided to do this?