[MXS-69] dbfwfilter should be pessimistic about rule syntax errors - Jira

XML

Word

Printable

Details

Type: New Feature
Status: Closed (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.1.1
Component/s: None
Labels:
None

Description

[Database Firewall]

type=filter

module=dbfwfilter

rules=/home/skysql/dbfwfilter_rules.txt

rule testrule deny no_where_clause

users kolbe@% testuser@% match strict_all rules

2015-03-21 08:58:24   fwfilter: Rule syntax incorrect, right keywords not found in the correct order: users kolbe@% testuser@% match strict_all rules

However, the user kolbe@% is allowed to execute queries. I think it would make more sense for the filter to be pessimistic and block the named users from executing any queries in this case.

It's also problematic that the rule syntax isn't parsed until the user tries to execute a query. There's no way to know whether the rules are correct before the user is already allowed to execute possibly problematic queries.

Attachments

Activity

People

Assignee:: markus makela

Reporter:: Kolbe Kegel (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2015-03-27 21:19

Updated:: 2017-12-01 14:39

Resolved:: 2015-05-01 11:09

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.