Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-69

dbfwfilter should be pessimistic about rule syntax errors

    XMLWordPrintable

Details

    • New Feature
    • Status: Closed (View Workflow)
    • Minor
    • Resolution: Fixed
    • None
    • 1.1.1
    • None
    • None

    Description

      [Database Firewall]
      type=filter
      module=dbfwfilter
      rules=/home/skysql/dbfwfilter_rules.txt

      rule testrule deny no_where_clause
      users kolbe@% testuser@% match strict_all rules

      2015-03-21 08:58:24   fwfilter: Rule syntax incorrect, right keywords not found in the correct order: users kolbe@% testuser@% match strict_all rules

      However, the user kolbe@% is allowed to execute queries. I think it would make more sense for the filter to be pessimistic and block the named users from executing any queries in this case.

      It's also problematic that the rule syntax isn't parsed until the user tries to execute a query. There's no way to know whether the rules are correct before the user is already allowed to execute possibly problematic queries.

      Attachments

        Activity

          People

            markus makela markus makela
            kolbe Kolbe Kegel (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.