hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Disabled connection_timeout because it's unsafe to use

Browse Source 
The current implementation of the session timeout functionality is not safe to
use. Added a warning to the documentation and disabled the code. If the user
tries to use it, a warning is logged.
This commit is contained in:
Markus Makela
2016-01-15 16:38:15 +02:00
parent c1a906a60d
commit b470ebe732
3 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Documentation/Getting-Started/Configuration-Guide.md
View File

@ -467,6 +467,8 @@ MaxScale normally suppresses warning messages about failed authentication. Enabl
#### `connection_timeout` #### `connection_timeout`
**NOTE**: This parameter is not safe to use in version 1.3.0. Please do not use it.
The connection_timeout parameter is used to disconnect sessions to MaxScale that have been idle for too long. The session timeouts are disabled by default. To enable them, define the timeout in seconds in the service's configuration section. The connection_timeout parameter is used to disconnect sessions to MaxScale that have been idle for too long. The session timeouts are disabled by default. To enable them, define the timeout in seconds in the service's configuration section.
Example: Example:

2
Documentation/Release-Notes/MaxScale-1.3.0-Release-Notes.md
View File

@ -236,6 +236,8 @@ details, please read the [Monitor Common](../Monitors/Monitor-Common.md) documen
There are a number bugs and known limitations within this version of MaxScale, There are a number bugs and known limitations within this version of MaxScale,
the most serious of this are listed below. the most serious of this are listed below.
* The `connection_timeout` service parameter is not safe to use in version 1.3.0.
* MaxScale can not manage authentication that uses wildcard matching in hostnames in the mysql.user table of the backend database. The only wildcards that can be used are in IP address entries. * MaxScale can not manage authentication that uses wildcard matching in hostnames in the mysql.user table of the backend database. The only wildcards that can be used are in IP address entries.
* When users have different passwords based on the host from which they connect MaxScale is unable to determine which password it should use to connect to the backend database. This results in failed connections and unusable usernames in MaxScale. * When users have different passwords based on the host from which they connect MaxScale is unable to determine which password it should use to connect to the backend database. This results in failed connections and unusable usernames in MaxScale.

7
server/core/service.c
View File

@ -66,6 +66,7 @@
#include <gw.h> #include <gw.h>
#include <gwdirs.h> #include <gwdirs.h>
#include <math.h> #include <math.h>
#include <version.h>
static RSA *rsa_512 = NULL; static RSA *rsa_512 = NULL;
static RSA *rsa_1024 = NULL; static RSA *rsa_1024 = NULL;
@ -1103,8 +1104,12 @@ serviceSetTimeout(SERVICE *service, int val)
{ {
return 0; return 0;
} }
#ifdef UNSAFE_CODE
service->conn_timeout = val; service->conn_timeout = val;
#else
MXS_WARNING("The `connection_timeout` parameter is not safe for use. "
"The functionality is disabled for MaxScale "MAXSCALE_VERSION".");
#endif
return 1; return 1;
} }