Details
-
Task
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
Currently once the connections has been established, the address defined by the proxy protocol header cannot be changed. Being able to change it in the COM_CHANGE_USER would allow database-aware proxies like MaxScale to pass the original, new client address as a part of the COM_CHANGE_USER packet. This would allow connection reuse without having to limit them to the original address of the client who opened the connection.
The suggested idea is to use the client connection attributes of the COM_CHANGE_USER header to pass this information. This would allow the desired behavior to be implemented without having to change the protocol at all. A reserved connection attribute (e.g. _proxied_host) could contain the same information that is initially passed via the proxy protocol header.
A side benefit of using a connection attribute is that it would allow client applications to transparently pass this information via proxies that do not otherwise support proxy protocol even for normal authentication. It could also be used as an alternative method of passing proxy protocol information for connectors that do not support sending it but do support connection attributes.