[mysql-dde] Re: Internal connection

  • From: Fabricio Mota <fabricio.mota@xxxxxxxxx>
  • To: mysql-dde@xxxxxxxxxxxxx
  • Date: Sat, 17 Dec 2005 16:45:04 -0300

Hey Guy,
I was think a bit more about your idea, in how to complement it putting
security. As I said before, we could use a validation key inside the hint,
able to be validate by any server in cluster, such as:

*select /* DDE_INTERNAL 3D493062A2B87EFF*/ something more*

The options I've thought are:

1) Insert a static key, generated during cluster creation, and known by all
servers to be validated when the command comes. (Weak security, because
malicious users may discover it and use it).

2) Validate the connection by the IP number of the client. It's most secure,
but network substitutions/replications may not be seen by system.

3) Implement a changeable validation key, that changes itself with a
non-trivial function. All servers will always know when it changes and when
it must to change (something like to encrypt a key with the time). This
could be strong, but in the example of time it has a problem if clocks
aren't sufficiently synchronized.

Any more ideas?

2005/12/17, Peter B. Volk <PeterB.Volk@xxxxxxx>:
>
> Hey,
>
> yes.
>
> Peter
> ----- Original Message -----
> From: "Fabricio Mota" <fabricio.mota@xxxxxxxxx>
> To: <mysql-dde@xxxxxxxxxxxxx>
> Sent: Saturday, December 17, 2005 3:21 AM
> Subject: [mysql-dde] Re: Internal connection
>
>
> > Hey,
> > do Insert/update/delete support hints too?
> >
> > FM
> >
> >
> > 2005/12/14, Fabricio Mota <fabricio.mota@xxxxxxxxx>:
> > >
> > > Hummmmm...
> > >
> > > That's sound very good!
> > >
> > > The only problem we could have to think is to add something more
> inside
> > > the hint (such as a validation key, encripted value or something like
> it) to
> > > ensure that bad intentioned users does not intend to get inside DDE
> > > intestines... haha
> > >
> > > FM
> > >
> > >
> > > 2005/12/14, Peter B. Volk <PeterB.Volk@xxxxxxx>:
> > > >
> > > > Hey,
> > > >
> > > >
> > > > I've been thinking about the internal connection. Actually we can
> use
> > > > the standard connection and then ad a hint to the SQL statement that
> it is
> > > > an internal connection. so the remote connection query would look
> like
> this:
> > > >
> > > >
> > > >
> > > >
> > > > Select /*!DDE_INTERNAL*/something FROM somewhere;
> > > >
> > > >
> > > >
> > > > Like this we would not need to care about modifying the connection
> > > > process.
> > > >
> > > >
> > > >
> > > > what do you think?
> > > >
> > > >
> > > >
> > > > Peter
> > > >
> > > > MySql-DDE discussion list
> > > > www.freelists.org/
> > > >
> > > >
> > >
> > >
> > > --
> > >
> > > Sem mais,
> > >
> > > Fabricio Mota
> > > Oda Mae Brown - Aprecie sem moderação.
> > > http://www.odamaebrown.com.br
> >
> >
> >
> >
> > --
> >
> > Sem mais,
> >
> > Fabricio Mota
> > Oda Mae Brown - Aprecie sem moderação.
> > http://www.odamaebrown.com.br
> >
> > MySql-DDE discussion list
> > www.freelists.org/
> >
>
> MySql-DDE discussion list
> www.freelists.org/
>
>


--

Sem mais,

Fabricio Mota
Oda Mae Brown - Aprecie sem moderação.
http://www.odamaebrown.com.br

MySql-DDE discussion list
www.freelists.org/

Other related posts: