A year ago, I blogged about An Unprivileged User can crash your MySQL Server. At the time, I explained how to protect yourself against this problem. A few weeks ago, I revisited this vulnerability in a follow-up post in which I explained the fix, claimed that the MySQL 5.7 default configuration for Group Replication is still problematic, and explained a tuning to avoid the vulnerability. In this last post in the series, I explain how to exploit this vulnerability to crash older version of MySQL (or untuned Group Replication in 5.7), but this needs a lot of determination.
Showing posts with label Group Replication. Show all posts
Showing posts with label Group Replication. Show all posts
Wednesday, January 19, 2022
Tuesday, November 30, 2021
Follow-up on an Unprivileged User can Crash your MySQL Server
A year ago, I blogged about An Unprivileged User can Crash your MySQL Server. At the time, I presented how to protect yourself against this problem without explaining how to generate a crash. In this post, I am revisiting this vulnerability, not giving the exploit yet, but presenting the fix. Also, because the default configuration of Group Replication in 5.7 is still vulnerable (it is not in 8.0), I show the adjustment to make to avoid problems.
Tuesday, February 26, 2019
MySQL Master High Availability and Failover: more thoughts
Some months ago, Shlomi Noach published a series about Service Discovery. In his posts, Shlomi describes many ways for an application to find the master. He also gives detail on how these solutions cope with failing-over to a slave, including their integration with Orchestrator.
This is a great series, and I recommend its reading for everybody implementing master failover, with or without Orchestrator, even if you are not fully automating the process yet. Taking a step back, I realized that service discovery is only one of the five parts of a full MySQL Master Failover Strategy; this post is about these five parts. In some follow-up posts, I might analyze some deployments using the framework presented in this post.
This is a great series, and I recommend its reading for everybody implementing master failover, with or without Orchestrator, even if you are not fully automating the process yet. Taking a step back, I realized that service discovery is only one of the five parts of a full MySQL Master Failover Strategy; this post is about these five parts. In some follow-up posts, I might analyze some deployments using the framework presented in this post.
Thursday, January 11, 2018
More Write Set in MySQL: Group Replication Certification
This is the third post in the series on Write Set in MySQL. In the first post, we explore how Write Set allows to get better parallel replication in MySQL 8.0. In the second post, we saw how the MySQL 8.0 improvement is an extension of the work done in MySQL 5.7 to avoid replication delay/lag in Group Replication. In this post, we will see how Write Set is used in Group Replication to detect conflicts in multi-writer mode during certification. We will also see the impacts, on conflict detection, of the Write Set bug that I presented in the first post.
Monday, January 8, 2018
Write Set in MySQL 5.7: Group Replication
In my previous post, I write that Write Set is not only in MySQL 8.0 but also in MySQL 5.7 though a little hidden. In this post, I describe Write Set in 5.7 and this will bring us in the inner-working of Group Replication. I am also using this opportunity to explain and show why members of a group can replicate faster than a standard slave. We will also see the impacts, on Group Replication, of the Write Set bug that I presented in my last post.
Subscribe to:
Posts (Atom)