Details
New Feature
Status: Closed
Major
Resolution: Won't Do
None
MXS-SPRINT-115
Description
Can you add a pseudo data insertion function for users? For example: when user Bob connects via MaxScale, he sees a pseudo-row in a specific table. User Alice sees other pseudo-rows in another table. In case of theft, I would understand who committed the leak according to mixed data.
I would like to have some dictionary in which some pseudo-data or regular expressions will correspond to users.
https://mariadb.com/resources/blog/mariadb-maxscale-masking-and-firewall/
This would require quite complex machinery.
MaxScale would have to remember what pseudo-row it returned to which user, as it obviously would have to return the very same row each time a particular user targets that table.
Further, for this to be effective, the user must not be able to detect that there are pseudo rows and which row it is. That implies, for instance, that MaxScale would have to detect a statement like SELECT COUNT( * ) FROM tbl and tweak the result, as otherwise the user could simply execute that statement and the statement SELECT * FROM tbl, count the rows, and compare whether the result matches. If they don't, there's a pseudo row.
Similarly, by copying the data to a local table it would be possible, by executing SELECT statements with different WHERE clauses against the local table and the table delivered through MaxScale, to identify which row is the pseudo row.
It seems this is not something that can be implemented in a robust way in a proxy but must be implemented in the server.
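
A toy model of the requested per-user pseudo-row and of the `COUNT(*)` consistency gap raised in the comment above, as an added example that is not MaxScale code and not part of the original ticket. The table name, the secret, the HMAC-derived marker row (a design choice of this example so the same row comes back on every query) and all function names are assumptions; an in-memory SQLite database stands in for the server.

```python
import hashlib
import hmac
import sqlite3

SECRET = b"constructed-demo-key"   # assumption: a secret held only by the proxy
TABLE = "customers"                # hypothetical table name

def backend():
    """Constructed in-memory stand-in for the real database server."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {TABLE} (id INTEGER, email TEXT)")
    conn.executemany(f"INSERT INTO {TABLE} VALUES (?, ?)",
                     [(1, "ann@example.com"), (2, "raj@example.com")])
    return conn

def pseudo_row(user):
    """Derive the same marker row for a user on every call, with no stored state."""
    tag = hmac.new(SECRET, f"{user}:{TABLE}".encode(), hashlib.sha256).hexdigest()
    return (900000 + int(tag[:4], 16), f"{tag[4:12]}@example.com")

def proxy_query(conn, user, sql):
    """Toy proxy: forwards the statement, appends the marker row to SELECT * only."""
    rows = conn.execute(sql).fetchall()
    if sql.strip().upper() == f"SELECT * FROM {TABLE}".upper():
        rows.append(pseudo_row(user))
    return rows

def attribute_leak(leaked_rows, users):
    """Return the users whose marker row appears in a leaked dump."""
    leaked = set(leaked_rows)
    return [u for u in users if pseudo_row(u) in leaked]

def count_gap(conn, user):
    """Rows returned by SELECT * minus COUNT(*) as seen through the proxy."""
    listed = len(proxy_query(conn, user, f"SELECT * FROM {TABLE}"))
    counted = proxy_query(conn, user, f"SELECT COUNT(*) FROM {TABLE}")[0][0]
    return listed - counted

if __name__ == "__main__":
    db = backend()
    dump = proxy_query(db, "bob", f"SELECT * FROM {TABLE}")
    print(attribute_leak(dump, ["alice", "bob"]))
    print(count_gap(db, "bob"))
```

A non-zero `count_gap` is the inconsistency the comment describes: every aggregate, filter and join that touches the table would need the same rewriting before the marker row is consistent across statements.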