[mysql-dde] Re: Internal connection

  • From: "Peter B. Volk" <PeterB.Volk@xxxxxxx>
  • To: <mysql-dde@xxxxxxxxxxxxx>
  • Date: Mon, 19 Dec 2005 21:27:43 +0100

Hey,


----- Original Message ----- 
From: "Fabricio Mota" <fabricio.mota@xxxxxxxxx>
To: <mysql-dde@xxxxxxxxxxxxx>
Sent: Saturday, December 17, 2005 8:45 PM
Subject: [mysql-dde] Re: Internal connection


> Hey Guy,
> I was think a bit more about your idea, in how to complement it putting
> security. As I said before, we could use a validation key inside the hint,
> able to be validate by any server in cluster, such as:
>
> *select /* DDE_INTERNAL 3D493062A2B87EFF*/ something more*
>

Souds good

> The options I've thought are:
>
> 1) Insert a static key, generated during cluster creation, and known by
all
> servers to be validated when the command comes. (Weak security, because
> malicious users may discover it and use it).
>
> 2) Validate the connection by the IP number of the client. It's most
secure,
> but network substitutions/replications may not be seen by system.
>
> 3) Implement a changeable validation key, that changes itself with a
> non-trivial function. All servers will always know when it changes and
when
> it must to change (something like to encrypt a key with the time). This
> could be strong, but in the example of time it has a problem if clocks
> aren't sufficiently synchronized.
>
> Any more ideas?

4) Asynchrone Encryption:
    The 3D493062A2B87EFF string would contain a hash of the query encrypted
with the private key of the origin server. This kan then be decrypted by the
receiving server and the receiving server can validate the hash.

Peter


>
> 2005/12/17, Peter B. Volk <PeterB.Volk@xxxxxxx>:
> >
> > Hey,
> >
> > yes.
> >
> > Peter
> > ----- Original Message -----
> > From: "Fabricio Mota" <fabricio.mota@xxxxxxxxx>
> > To: <mysql-dde@xxxxxxxxxxxxx>
> > Sent: Saturday, December 17, 2005 3:21 AM
> > Subject: [mysql-dde] Re: Internal connection
> >
> >
> > > Hey,
> > > do Insert/update/delete support hints too?
> > >
> > > FM
> > >
> > >
> > > 2005/12/14, Fabricio Mota <fabricio.mota@xxxxxxxxx>:
> > > >
> > > > Hummmmm...
> > > >
> > > > That's sound very good!
> > > >
> > > > The only problem we could have to think is to add something more
> > inside
> > > > the hint (such as a validation key, encripted value or something
like
> > it) to
> > > > ensure that bad intentioned users does not intend to get inside DDE
> > > > intestines... haha
> > > >
> > > > FM
> > > >
> > > >
> > > > 2005/12/14, Peter B. Volk <PeterB.Volk@xxxxxxx>:
> > > > >
> > > > > Hey,
> > > > >
> > > > >
> > > > > I've been thinking about the internal connection. Actually we can
> > use
> > > > > the standard connection and then ad a hint to the SQL statement
that
> > it is
> > > > > an internal connection. so the remote connection query would look
> > like
> > this:
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Select /*!DDE_INTERNAL*/something FROM somewhere;
> > > > >
> > > > >
> > > > >
> > > > > Like this we would not need to care about modifying the connection
> > > > > process.
> > > > >
> > > > >
> > > > >
> > > > > what do you think?
> > > > >
> > > > >
> > > > >
> > > > > Peter
> > > > >
> > > > > MySql-DDE discussion list
> > > > > www.freelists.org/
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > >
> > > > Sem mais,
> > > >
> > > > Fabricio Mota
> > > > Oda Mae Brown - Aprecie sem moderação.
> > > > http://www.odamaebrown.com.br
> > >
> > >
> > >
> > >
> > > --
> > >
> > > Sem mais,
> > >
> > > Fabricio Mota
> > > Oda Mae Brown - Aprecie sem moderação.
> > > http://www.odamaebrown.com.br
> > >
> > > MySql-DDE discussion list
> > > www.freelists.org/
> > >
> >
> > MySql-DDE discussion list
> > www.freelists.org/
> >
> >
>
>
> --
>
> Sem mais,
>
> Fabricio Mota
> Oda Mae Brown - Aprecie sem moderação.
> http://www.odamaebrown.com.br
>
> MySql-DDE discussion list
> www.freelists.org/
>

MySql-DDE discussion list
www.freelists.org/

Other related posts: