[#MXS-1256] Make combined use of masking and the firewall filter more convenient.

[MXS-1256] Make combined use of masking and the firewall filter more convenient. Created: 2017-05-02 Updated: 2017-08-22 Resolved: 2017-08-22
Status:	Closed
Project:	MariaDB MaxScale
Component/s:	dbfwfilter, masking
Affects Version/s:	2.1.2
Fix Version/s:	2.2.0

Type:

Task

Priority:

Major

Reporter:

Johan Wikman

Assignee:

Unassigned

Resolution:

Duplicate

Votes:

Labels:

None

Sprint:

2017-37, 2017-38

Description

Using the masking filter certain columns can be masked. However, as the maxrows filter works on the resultset alone, it is possible to easily circumvent it. For instance,

mysql> SELECT id, firstname, lastname FROM masking;

+----+-----------+----------+

| id | firstname | lastname |

+----+-----------+----------+

|  1 | test1     | XXXXX    |

|  2 | test2     | XXXXX    |

+----+-----------+----------+

mysql> SELECT id, firstname, CONCAT(lastname) FROM masking;

+----+-----------+------------------+

| id | firstname | CONCAT(lastname) |

+----+-----------+------------------+

|  1 | test1     | mask1            |

|  2 | test2     | mask2            |

+----+-----------+------------------+

That can be prevented using the firewall. However, currently it is quite inconvenient as you would need to separately list all functions using which the masking can be circumvented.

There should be an easy way to use maxrows and the firewall filter together, for securely masking certain columns.

Comments

Comment by Johan Wikman [ 2017-08-22 ]

Handled by ~~MXS-1364~~ and ~~MXS-1346~~

Generated at Thu Feb 08 04:05:23 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MXS-1256] Make combined use of masking and the firewall filter more convenient. Created: 2017-05-02 Updated: 2017-08-22 Resolved: 2017-08-22