Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-4145

Add support for multi-MaxScale usage.

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 22.08.0
    • Component/s: nosqlprotocol
    • Labels:
      None

      Description

      The authentication mechanisms used by NoSQL and MariaDB are sufficiently dissimilar that nosqlprotocol needs direct access to the SHA1 password of the client, to be able to log into MariaDB on behalf of the it.

      Currently, the SHA1 password is stored in a local sqlite3 database on the MaxScale host. This presents a problem when multiple MaxScale instances are used in front of the same database cluster, as a NoSQL user created via one MaxScale instance is not available on the other.

      This problem can be solved by storing the SHA1 password in a table in the MariaDB server/cluster. That way, irrespective of which MaxScale instance a NoSQL user was created on, it would immediately also be available on the other.

      As anyone with access to that table would be able to impersonate every user in that table, the SHA1 password should be encrypted using a key available only to the MaxScale instances, e.g. by specifying the encryption key in the MaxScale configuration file. That way, the setup would be just as secure/insecure as the current sqlite3 arrangement.

        Attachments

          Activity

            People

            Assignee:
            johan.wikman Johan Wikman
            Reporter:
            johan.wikman Johan Wikman
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.