Friday, June 28, 2024

Trick to Simulate Higher Latency IOs on Linux

When running tests, it is sometimes useful to slow down IOs to clearly show the impact of reading from the disk.  Modern laptops and servers usually have fast local SSDs, and most cloud vendors provide, in addition to fast local disks, relatively fast network block devices (EBS for AWS and Persistent Disk for GCP).  Even when using magnetic network block devices, IOs are not guaranteed to be slow because they might hit the cache of the storage appliance (EBS volumes sometimes have sub-millisecond latency).  This blog post describes the solution I am using for simulating high latency IOs on Linux.  TL;DR: device-mapper's delay target.

Wednesday, June 19, 2024

Trusting mysqldump and Insecure MySQL Client Lead to Remote Code Execution

Yes, you read this correctly: because the MySQL client is insecure and allows running arbitrary commands, and because mysqldump blindly trusts the server it is dumping from, a hostile MySQL Server on which mysqldump is executed could trigger arbitrary command execution (also known as a remote code execution).  This post raises awareness on this vulnerability and shows how a secure MySQL client makes things harder to exploit.

Monday, June 17, 2024

RFC: Database / Schema in the Slow Query Log File

A month ago, I announced that I am working on a MySQL Contribution to add database / schema in the slow query log file (bug report, LinkedIn, Twitter, Facebook, and MySQL Community Slack).  My contribution is ready, and before submitting it, I would like feedback, so I am writing this post as a Request for Comments (RFC).  If you are in a hurry, you can go directly to the RFC Fake PR.  But what is a Fake PR?  It is part of my way of working on MySQL Contributions, which I describe below, and on which I would also welcome feedback.  Something else covered in this post is the design choices made for this contribution, and again, I would welcome your feedback on them (I can make adjustments before submitting my contribution).  In this post, I also explain why having the database / schema in the slow query log file is important.