I'm finishing a system at work that makes calls to mysql server. Those calls' arguments reveal information that I need to keep private, like vote(idUser, idCandidate). There's no information in the db that relates those two of course, nor in "the visible part" of the back end, but even though I think this can't be done, I wanted to make sure that it is impossible to trace this sort of calls, with a log or something (calls that were made, or calls being made at the moment), as it is impossible in most languages, unless you specifically "debug" in a certain way, while the system is in production and being used. I hope the questions is clear enough. Thanks.
Asked
Active
Viewed 33 times
0
newbie
- 1,199
- 1
- 10
- 25
-
2Yes, MySQL has a query log. https://stackoverflow.com/questions/6479107/how-to-enable-mysql-query-log – mtricht Jul 26 '20 at 20:25
-
Thanks, so as long as I keep that disabled there is no way it can be done? – newbie Jul 26 '20 at 20:30
1 Answers
1
How do I log thee? Let me count the ways.
- MySQL query log. I can enable this per-session and send everything to a log file.
- I can set up a slave server and have insertions sent to me by the master. This is a significant intervention and would leave a wide trace.
- On the server, unbeknownst to either Web app and MySQL log, I can intercept communications between the two. I need administrative access to the machine, of course.
- On the server, again with administrative access, I can both log the query calls and inject a logging instrumentation into the SQL interface (the legitimate one is the MySQL Audit Plugin, but there are several alternatives, developed for various purposes by developers over the years)
What can you do? You can have the applications use a secure protocol, just for starters.
Then, you need to secure your machine so that administrator tricks do not work, and even if the logs are activated, nobody can read them and you can be advised of any new and modified file to delete it promptly.
LSerni
- 55,617
- 10
- 65
- 107
-
Thanks! so if the server administrator doesn't know the password of the connection he can't do anything, right? – newbie Jul 26 '20 at 21:04
-
2any one with access can rewrite the code, and with the recent hardware bugs in processors they even can look into the memory. – nbk Jul 26 '20 at 21:41
-
Actually, having administrator (root) access to the MySQL server machine would allow someone to do mostly *anything*. Silently activating the general log or the enterprise audit plugin would be probably the simplest thing to do. You need at the very least to *be* the **only** administrator of both the Web and the MySQL servers (or of the machine where both run). – LSerni Jul 26 '20 at 22:33