MySQL proxy (another way to solve injection)

Author: yunshu
What is MySQL proxy?
MySQL Proxy is a simple program that sits between your client and MySQL server(s) that can monitor, analyze or transform their communication. Its flexibility allows for unlimited uses; common ones include load balancing, failover, query analysis, query filtering and modification, and more. From this we can see that MySQL Proxy is mainly used for load balancing and database read/write splitting. It is worth noting, however, that MySQL Proxy also has a powerful extension mechanism that supports the Lua language. Warcraft also uses Lua to develop games, and NetEase is said to as well (see Yunfeng's blog). This extension mechanism gave me the idea of making it do something else: preventing injection attacks.

When MySQL Proxy starts, it loads a Lua script that performs a security check on each query or insert statement, or even replaces some content in the query. When a programmer's code forgets to filter parameters, this is a last line of defense. Because Lua is a dynamic scripting language, it offers great flexibility in development, correction, and deployment. Of course, you may be concerned about performance; in that case, add memcached in front, or simply write such extensions in C. After all, MySQL Proxy is open source and has clear interfaces.

The interfaces provided by MySQL proxy to Lua mainly include the following functions:

connect_server() - This function is called every time a client connects. You can use it to handle load balancing and decide which backend server the current request is sent to. If this function is not specified, a simple round-robin mechanism is used.

read_handshake() - This function is called when the server returns the initial handshake information. You can use it to perform additional checks before the authentication information is sent to the server.

read_auth() - This function is called when the client sends authentication information to the server.

read_auth_result() - This function is called after the server returns the authentication result.

read_query() - This function is called every time the client sends a query request. It can be used to pre-process query statements and filter out unexpected queries. This is the most commonly used function.

read_query_result() - This function is called when the query result is returned, and can be used to process the result set.
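A sketch of the filtering idea built on the read_query() hook described above. This is an added example, not code from the original post or from the MySQL Proxy project; the deny-list patterns and the helper names strip_literals and find_violation are assumptions chosen for illustration.

```lua
-- Added example: deny-list filter for mysql-proxy. DENY and helpers are assumptions.
-- Blank out quoted literals so data such as 'union select' inside a string
-- does not trigger a rule; handles backslash escapes and doubled quotes.
local function strip_literals(sql)
  local out, i, n = {}, 1, #sql
  while i <= n do
    local c = sql:sub(i, i)
    if c == "'" or c == '"' then
      local j = i + 1
      while j <= n do
        local d = sql:sub(j, j)
        if d == "\\" then j = j + 2                                  -- escaped character
        elseif d == c and sql:sub(j + 1, j + 1) == c then j = j + 2  -- doubled quote
        elseif d == c then break                                     -- closing quote
        else j = j + 1 end
      end
      out[#out + 1] = c .. c   -- keep an empty literal in place of the data
      i = j + 1
    else
      out[#out + 1] = c
      i = i + 1
    end
  end
  return table.concat(out):lower()
end

local DENY = {                 -- Lua patterns matched against the literal-free text
  "union%s+select", "union%s+all%s+select",
  "into%s+outfile", "into%s+dumpfile", "load_file%s*%(",
  "information_schema", "sleep%s*%(", "benchmark%s*%(",
  ";%s*%a",                    -- a second statement after a semicolon
  "/%*", "%-%-%s", "#",        -- comments, which this (assumed) application never sends
}

local function find_violation(sql)
  local skeleton = strip_literals(sql)
  for _, pat in ipairs(DENY) do
    if skeleton:find(pat) then return pat end
  end
end

function read_query(packet)
  if packet:byte() ~= proxy.COM_QUERY then return end  -- other commands pass through
  local hit = find_violation(packet:sub(2))
  if not hit then return end                           -- forward the query unchanged
  print("blocked by rule " .. hit .. ": " .. packet:sub(2))
  proxy.response = { type = proxy.MYSQLD_PACKET_ERR, errmsg = "query rejected by proxy filter" }
  return proxy.PROXY_SEND_RESULT                       -- answer the client, skip the server
end
```

A deny-list only catches the patterns it names, so it backs up parameterized queries in the application rather than replacing them. Prepared statements travel as other command types and are passed through by this script.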

We can see that, used freely, it can do many other things as well. I don't know whether any company has done this or tried it. I just wanted to write down a small idea; it is feasible, and I will try it later. Recently my teeth have been hurting badly. Alas, I didn't look after them when I was a child, and now it is too late for treatment and protection. I will learn from this for my own child later.
