Two pits in Aliyun RDS

Source: Internet
Author: User

Recently we found that the Aliyun RDS management console had been upgraded. The interface looks better and operations are more convenient, but pits were hidden beneath the attractive exterior, and we fell into them by accident.

On the afternoon of August 31, we created a new database account in the RDS management console, and we chose to bind it to multiple databases when we created it.

The status of the new account was then displayed as "in Create". At that point the new account could log on, but could not access any databases.

More than 2 minutes later, the account status changed from "Create" to "activate", and only then could it access the bound databases normally.

We had not performed account management operations in RDS for a long time, and with such a simple, common operation we did not expect any problem.

As a result, within 2 minutes we hit 2 pits in a row, and not minor ones!

1st pit.

All the databases selected for binding when the new account was created were inaccessible for 2 minutes. Existing accounts already bound to these databases were denied access, with the following error message:

The SELECT permission is denied on the object '', database '', schema 'dbo'.

Because many databases were selected at creation time, this problem affected the whole site. It is so depressing: in all the time we have used databases, creating a new account has never caused a problem for existing accounts.

We then discovered that the pit was deeper than this: the problem is also triggered by modifying the database bindings of any existing account, and the modified setting takes more than 2 minutes to take effect.

That is, in RDS, any change to the permissions of any database account can make the databases involved inaccessible for a short period, without any hint or warning.

After we reported this to Aliyun, they confirmed that it is a bug and said it would be fixed in the next release at the end of September.

Our view is: with such a serious bug, users are still made to wait until the end of September. Fixing it within 24 hours would be the responsible practice!

2nd pit.

Creating the new account also caused existing database accounts to lose database bindings: some were left with only one database binding, and some lost one or two database bindings.

We reported this to Aliyun. The RDS DBA had not known that, when we migrated to RDS, some operations in SQL Server Management Studio had made the accounts in SQL Server inconsistent with the accounts in RDS. When the new account was created, RDS found that some accounts in SQL Server did not exist in RDS, so it killed those accounts off.

Aliyun says this is for security reasons. We can tolerate not being given SA permission for security reasons, but what security problem is there here? Moreover, our RDS can only be accessed from authorized intranet IPs. In addition, even if the RDS accounts have to be kept consistent with the SQL Server database accounts, the accounts in SQL Server should be the ones used as the reference. Even if every account in RDS were lost, normal database access would not be affected, whereas losing even one account in the database may affect the user's applications. Which matters more?
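The inconsistency behind the 2nd pit, and the lost bindings it produced, can be checked for by comparing account snapshots before and after a console change. This is an added example, not part of the original post or any Aliyun tooling; the account names, database names and snapshot format are assumptions constructed for illustration.

```python
# Added example: inputs are constructed; account and database names are hypothetical.
# Each snapshot maps account name -> set of databases the account is bound to.
# The SQL Server side can be collected from each database's sys.database_principals;
# the console side is assumed to be copied by hand from the RDS console account list.

def find_drift(console, server):
    """Compare the console's view of accounts with what SQL Server actually has."""
    report = {
        # Accounts unknown to the console: the kind the post says RDS removed.
        "only_in_sql_server": sorted(set(server) - set(console)),
        "only_in_console": sorted(set(console) - set(server)),
        "binding_mismatch": {},
    }
    for account in sorted(set(console) & set(server)):
        extra = server[account] - console[account]
        missing = console[account] - server[account]
        if extra or missing:
            report["binding_mismatch"][account] = {
                "only_in_sql_server": sorted(extra),
                "only_in_console": sorted(missing),
            }
    return report


def lost_bindings(before, after):
    """Bindings present in the pre-change snapshot and absent afterwards."""
    lost = {}
    for account, databases in before.items():
        gone = databases - after.get(account, set())
        if gone:
            lost[account] = sorted(gone)
    return lost


# Constructed snapshots for illustration.
CONSOLE = {"app_web": {"blog", "news"}, "app_job": {"blog"}}
SERVER_BEFORE = {
    "app_web": {"blog", "news", "wiki"},
    "app_job": {"blog"},
    "app_legacy": {"news"},
}
SERVER_AFTER = {"app_web": {"blog"}, "app_job": {"blog"}, "app_new": {"blog", "news"}}

if __name__ == "__main__":
    print(find_drift(CONSOLE, SERVER_BEFORE))
    print(lost_bindings(SERVER_BEFORE, SERVER_AFTER))
```

A non-empty drift report before a change marks the accounts and bindings that the console does not know about; a non-empty lost-bindings result afterwards shows what has to be restored.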

Reflections after the pits

If, in designing products, the stability of user applications were put first, there would not be so many pits! If they dared to put their own core applications on their own cloud, there would not be so many pits!

The current situation is like producing cars without considering safety, waiting until users have driven out and had accidents, and only then fixing that specific safety problem. Meanwhile, those who were ready to buy a car see how unsafe it is and are scared off. If that were how things worked, there would be no car industry today.

Update: The 1st pit was filled at around 22:00 on September 2.
