Oracle 5.0 Reference Manual page 1710


MySQL Cluster Security Issues

SELECT * FROM some_table to read all the data from any table
DELETE FROM some_table to delete all the data from a table
DESCRIBE some_table or SHOW CREATE TABLE some_table to determine the table schema
UPDATE some_table SET column1 = any_value1 to fill a table column with "garbage" data; this could actually cause much greater damage than simply deleting all the data

Even more insidious variations might include statements like these:
UPDATE some_table SET an_int_column = an_int_column + 1
or
UPDATE some_table SET a_varchar_column = REVERSE(a_varchar_column)
Such malicious statements are limited only by the imagination of the attacker.

The only tables that would be safe from this sort of mayhem would be those tables that were created
using storage engines other than NDB, and so not visible to a "rogue" SQL node.

Note
A user who can log in as root can also access the INFORMATION_SCHEMA
database and its tables, and so obtain information about databases, tables,
stored routines, scheduled events, and any other database objects for which
metadata is stored in INFORMATION_SCHEMA.

It is also a very good idea to use different passwords for the root accounts on different cluster SQL
nodes.

In sum, you cannot have a safe MySQL Cluster if it is directly accessible from outside your local
network.

Important
Never leave the MySQL root account password empty. This is just as true when
running MySQL as a MySQL Cluster SQL node as it is when running it as a
standalone (non-Cluster) MySQL Server, and should be done as part of the
MySQL installation process before configuring the MySQL Server as an SQL
node in a MySQL Cluster.

You should never convert the system tables in the mysql database to use the NDB storage engine.
There are a number of reasons why you should not do this, but the most important reason is this:
Many of the SQL statements that affect mysql tables storing information about user privileges, stored
routines, scheduled events, and other database objects cease to function if these tables are changed
to use any storage engine other than MyISAM. This is a consequence of various MySQL Server
internals which are not expected to change in the foreseeable future.

If you need to synchronize mysql system tables between SQL nodes, you can use standard MySQL
replication to do so, or employ a script to copy table entries between the MySQL servers.

Summary.
The two most important points to remember regarding the MySQL privilege system with
regard to MySQL Cluster are:
1. Users and privileges established on one SQL node do not automatically exist or take effect on other
SQL nodes in the cluster.
Conversely, removing a user or privilege on one SQL node in the cluster does not remove the user
or privilege from any other SQL nodes.
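
An added example, not part of the manual: a Python check that compares account rows exported from each SQL node and flags the conditions described above (accounts present on only some nodes, an empty root password, and root accounts that share a password). The node names, hash strings and finding labels are constructed for illustration; it assumes the rows come from running SELECT User, Host, Password FROM mysql.user on each node, and it relies on MySQL 5.0 password hashes being unsalted, so equal hashes mean equal passwords.

```python
from collections import defaultdict

# Constructed sample data: rows as returned by
#   SELECT User, Host, Password FROM mysql.user
# run separately on each SQL node. Node names and hashes are made up.
NODES = {
    "sqlnode1": [("root", "localhost", "*HASH_A"),
                 ("app", "10.0.0.%", "*HASH_B")],
    "sqlnode2": [("root", "localhost", "*HASH_A"),   # same root password as sqlnode1
                 ("app", "10.0.0.%", "*HASH_B"),
                 ("olduser", "%", "*HASH_C")],        # was removed on sqlnode1 only
    "sqlnode3": [("root", "localhost", "")],          # empty root password
}

def audit(nodes):
    """Return sorted (finding, detail) tuples for the account rows of each SQL node."""
    findings = set()
    accounts = {n: {(u, h) for u, h, _ in rows} for n, rows in nodes.items()}
    everywhere = set().union(*accounts.values())
    root_hashes = defaultdict(set)
    for node, rows in nodes.items():
        # Accounts are per SQL node: report any account this node lacks.
        for user, host in everywhere - accounts[node]:
            findings.add(("missing-account", f"{user}@{host} absent on {node}"))
        for user, host, pw in rows:
            if user == "root":
                if pw == "":
                    findings.add(("empty-root-password", f"{user}@{host} on {node}"))
                else:
                    root_hashes[pw].add(node)
    # The same unsalted hash on two nodes means the root password is reused.
    for sharing in root_hashes.values():
        if len(sharing) > 1:
            findings.add(("shared-root-password", ",".join(sorted(sharing))))
    return sorted(findings)

if __name__ == "__main__":
    for kind, detail in audit(NODES):
        print(f"{kind}: {detail}")
```

A missing-account finding is not always a fault, since an account may be intentionally limited to one node; it marks where a grant or a removal made on one SQL node has not been repeated on the others.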
