The proxy doesn't forward remote address for authentcation
Posted by:
Amr Hamdy
Date: August 28, 2007 01:07PM
Hello :),
I've setup my test environment as follows,
1- MySQL Master server with IP: 192.168.99.244
2- MySQL Slave server with IP: 192.168.99.243
3- MySQL Proxy with IP 192.168.99.222 and IP 10.45.0.15
I start the MySQL proxy as follows,
LUA_PATH="lib/?.lua" mysql-proxy --proxy-lua-script=./lib/rw-splitting.lua --proxy-address=:3306 --proxy-backend-addresses=192.168.99.244:3306 --proxy-read-only-backend-addresses=192.168.99.243:3306
I've granted access to "root" user on localhost and 192.168.99.222 on mysql servers, master and slave, .. and didn't grant it access on any other hosts ..
Now when I connect from IP 10.45.0.11 to IP 10.45.0.15, the proxy IP, with root user and password it establishes the connection successfully ..
That's because the mysql servers don't recognize that the connections are coming from remote address "10.45.0.11" but from address "192.168.99.222" .. which means that I've to grant all my users on the proxy Ip or hostname not on the remote address which is not good as security practice ..
The MySQL proxy should forward the remote address, which is 10.45.0.11 in my case, to the mysql servers for authentication so as I can strictly specify who can connect to what depending on remote address not proxy address ..
I hope I could explain my point of view well ..
Thanks a lot :)
Subject
Views
Written By
Posted
The proxy doesn't forward remote address for authentcation
5322
August 28, 2007 01:07PM
2375
August 28, 2007 01:31PM
3040
August 28, 2007 02:51PM
2236
August 29, 2007 02:33AM
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.