[MXS-4145] Add support for multi-MaxScale usage. - Jira

XML

Word

Printable

Details

Type: New Feature
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 22.08.0
Component/s: nosqlprotocol
Labels:
None

Epic Link:
MongoDB Protocol Support
Sprint:
MXS-SPRINT-159, MXS-SPRINT-160

Description

The authentication mechanisms used by NoSQL and MariaDB are sufficiently dissimilar that nosqlprotocol needs direct access to the SHA1 password of the client, to be able to log into MariaDB on behalf of the it.

Currently, the SHA1 password is stored in a local sqlite3 database on the MaxScale host. This presents a problem when multiple MaxScale instances are used in front of the same database cluster, as a NoSQL user created via one MaxScale instance is not available on the other.

This problem can be solved by storing the SHA1 password in a table in the MariaDB server/cluster. That way, irrespective of which MaxScale instance a NoSQL user was created on, it would immediately also be available on the other.

As anyone with access to that table would be able to impersonate every user in that table, the SHA1 password should be encrypted using a key available only to the MaxScale instances, e.g. by specifying the encryption key in the MaxScale configuration file. That way, the setup would be just as secure/insecure as the current sqlite3 arrangement.

Attachments

Activity

People

Assignee:: Johan Wikman

Reporter:: Johan Wikman

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2022-05-23 07:46

Updated:: 2022-06-27 10:15

Resolved:: 2022-06-20 11:17

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.