MySQL Forums
Forum List  »  Router & Proxy

Injecting query when changing data
Posted by: Ronald Poillot
Date: January 26, 2012 12:21PM

Dear friends,

I'm currently working with mysql-proxy with one master an one slave and i want to intercept the UPDATE, INSERT, DELETE and LOAD DATA querys.

The idea is: Whenever i found a query like the mentioned above, perform a "update" query in other table on the system. So, if the first operation (INSERT, UPDATE, ...) fails, the second one must fail too.

Playing with the lua script, i've found examples where the operation proxy.queries:append(id, ...) seems to work. Well, it works for some cases...

Currently, the configuration that closely works is:

proxy.queries:append(1, packet) -- The load data statement (or insert, update...)
proxy.queries:prepend(2, string.char(proxy.COM_QUERY) .. "insert into ...", {resultset_is_needed=true}) -- My malicious insert

and in the read_query_result function just ignore the id 2.

If i kill the LOAD DATA query, my malicious insert still works (i don't want this!). I've tried to put a "START TRANSACTION; SET AUTOCOMMIT=0; (query); (malicious_insert); COMMIT;" statement, but i've not still succeeded :(. I've tried appending, prepending the statements, but it's not working.

My question is: How can i put the two statements into one transaction in the lua script?

Thanks in advance. Greetings,

[EDIT] Extra data

ronald@dm4-1160us:~/Desktop$ mysql-proxy --version
mysql-proxy 0.8.1
chassis: mysql-proxy 0.8.1
glib2: 2.24.1
libevent: 1.4.13-stable
LUA: Lua 5.1.4
package.path: /usr/local/lib/mysql-proxy/lua/?.lua
package.cpath: /usr/local/lib/mysql-proxy/lua/?.so
-- modules
admin: 0.8.1
proxy: 0.8.1
[EDIT]


--
Ronald



Edited 1 time(s). Last edit at 01/26/2012 12:22PM by Ronald Poillot.

Options: ReplyQuote


Subject
Views
Written By
Posted
Injecting query when changing data
3184
January 26, 2012 12:21PM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.