Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Not a Bug
-
2.4.19
-
None
-
centos 7
Description
According to documentation here:
https://mariadb.com/kb/en/mariadb-maxscale-24-cache/#security_1
In the Security section, it shows an example and says:
"That can be prevented, by explicitly declaring in the rules that the caching should be applied to alice only."
However, in implementation, Each json stanza is applied as an OR condition.
For Example:
|
{
|
"store": [ |
{
|
"attribute": "database", |
"op": "=", |
"value": "marketing" |
},
|
{
|
"attribute": "table", |
"op": "=", |
"value": "flyer_data" |
}
|
],
|
"use": [ |
{
|
"attribute": "user", |
"op": "=", |
"value": "'jqgrid'@'%'" |
}
|
]
|
}
|
Matches ANY condition and not ALL as expected.
Actually, I think it works as documented. The documentation says
If an array of rule objects is specified, then, when looking for a rule that
matches, the `store` field of each object are evaluated in sequential order
until a match is found.
So, in the store array above, the first stanza will match whenever the database is marketing, irrespective of what the table is. That is , a SELECT targeting marketing.flyer_data will match, but so will marketing.some_other_table.
The second stanza will match whenever the table is flyer_data, irrespective of what the database is. That is, a SELECT targeting marketing.flyer_data will match, but so will some_other_db.flyer_data.
If you specifically want the table flyer_data in the database marketing to match, then the stanza must look like
"store": [
{
"attribute": "table",
"op": "=",
"value": "marketing.flyer_data"
}
]
Then, if there is a use array, a matching stanza from the store array is applied only if the current user matches any of the users specified in the use array.