Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-69

dbfwfilter should be pessimistic about rule syntax errors

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.1.1
    • Component/s: None
    • Labels:
      None

      Description

      [Database Firewall]
      type=filter
      module=dbfwfilter
      rules=/home/skysql/dbfwfilter_rules.txt

      rule testrule deny no_where_clause
      users kolbe@% testuser@% match strict_all rules

      2015-03-21 08:58:24   fwfilter: Rule syntax incorrect, right keywords not found in the correct order: users kolbe@% testuser@% match strict_all rules

      However, the user kolbe@% is allowed to execute queries. I think it would make more sense for the filter to be pessimistic and block the named users from executing any queries in this case.

      It's also problematic that the rule syntax isn't parsed until the user tries to execute a query. There's no way to know whether the rules are correct before the user is already allowed to execute possibly problematic queries.

        Attachments

          Activity

            People

            Assignee:
            markus makela markus makela
            Reporter:
            kolbe Kolbe Kegel (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Git Integration