在Oracle和SQL Server数据库中,可以设置一些复杂的账号密码策略,例如在失败登录超过N次即可锁定账号,那么在MySQL中能否也有这样的功能呢?答案是MySQL也有类似这样的功能,只不过在MySQL中是在其登录失败超过阀值后,延迟响应时间,而不是锁定账号,在MySQL 5.6.35以后提供了Connection-Control插件用来控制客户端在登录操作连续失败一定次数后的响应延迟。该插件可有效的防止客户端暴力登录的风险(攻击)。该插件包含以下2个组件
· CONNECTION_CONTROL:用来控制登录失败的次数及延迟响应时间
· CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS:该表将登录失败的操作记录至IS库中
下面我们介绍一下Connection-Control Plugins,下面实验的版本为MySQL 8.0.18。
继续阅读nginx配置webservice
#user nobody;
worker_processes 4;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
upstream esbServer {
server 127.0.0.1:8083 weight=1 max_fails=2 fail_timeout=30s;
}
#gzip on;
server {
listen 8081;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location /ladder_web {
proxy_set_header X-real-ip $remote_addr;
proxy_pass http://esbServer;
}
}
}
nginx 配置mysql代理 — 基于nginx1.9以上 stream module 继续阅读
环境:Ubuntu 16.04、mysql5.7
最近在测试一个项目,遇到了MYSQL数据库,想尽办法提权,最终都没有成功,很是郁闷,可能是自己很久没有研究过提权导致的吧,总结一下MYSQL提权的各种姿势吧,权当复习了。关于mysql提权的方法也就那么几种,希望也能帮到各位小伙伴们。
一、利用mof提权
前段时间国外Kingcope大牛发布了mysql远程提权0day(MySQL Windows Remote System Level Exploit (Stuxnet technique) 0day),剑心牛对MOF利用进行了分析,如下:
Windows 管理规范 (WMI) 提供了以下三种方法编译到 WMI 存储库的托管对象格式 (MOF) 文件:
方法 1: 运行 MOF 文件指定为命令行参数将 Mofcomp.exe 文件。
方法 2: 使用 IMofCompiler 接口和 $ CompileFile 方法。
方法 3: 拖放到 %SystemRoot%\System32\Wbem\MOF 文件夹的 MOF 文件。
Microsoft 建议您到存储库编译 MOF 文件使用前两种方法。也就是运行 Mofcomp.exe 文件,或使用 IMofCompiler::CompileFile 方法。
第三种方法仅为向后兼容性与早期版本的 WMI 提供,并因为此功能可能不会提供在将来的版本后,不应使用。 继续阅读
1.Slave I/O: error connecting to master ‘backup@192.168.1.x:3306’-retry-time: 60 retries: 86400,Error_code:1045
解决方法:
从服务器上删除掉所有的二进制日志文件,包括一个数据目录下的master.info文件和hostname-relay-bin开头的文件。
master.info::记录了Mysql主服务器上的日志文件和记录位置、连接的密码。
2. Errorreading packet from server: File ‘/home/mysql/mysqlLog/log.000001’ not found(Errcode: 2) ( server_errno=29)
解决方法:
由于主服务器运行了一段时间,产生了二进制文件,而slave是从log.000001开始读取的,删除主机二进制文件,包括log.index文件。
3.Slave SQL: Error ‘Table ‘xxxx’ doesn’t exist’ on query.Default database: ‘t591’.Query: ‘INSERT INTO `xxxx`(type,post_id,browsenum)
SELECT type,post_id,browsenum FROM xxxx WHEREhitdate=’20090209”, Error_code: 1146
解决方法:
由于slave没有此table表,添加这个表,使用slave start 就可以继续同步。 继续阅读
Galera Cluster is a synchronous multi-master database cluster, based on synchronous replication and Oracle’s MySQL/InnoDB. When Galera Cluster is in use, you can direct reads and writes to any node, and you can lose any individual node without interruption in operations and without the need to handle complex failover procedures.
At a high level, Galera Cluster consists of a database server—that is, MySQL or MariaDB—that then uses the Galera Replication Plugin to manage replication. To be more specific, the MySQL replication plugin API has been extended to provide all the information and hooks required for true multi-master, synchronous replication. This extended API is called the Write-Set Replication API, or wsrep API.
Through the wsrep API, Galera Cluster provides certification-based replication. A transaction for replication, the write-set, not only contains the database rows to replicate, but also includes information on all the locks that were held by the database during the transaction. Each node then certifies the replicated write-set against other write-sets in the applier queue. The write-set is then applied, if there are no conflicting locks. At this point, the transaction is considered committed, after which each node continues to apply it to the tablespace.
This approach is also called virtually synchronous replication, given that while it is logically synchronous, the actual writing and committing to the tablespace happens independently, and thus asynchronously on each node. 继续阅读
1、下载MySQL源码安装版本
到MySQL官网查找到相应版本下载,本文下载的是5.1版本
wget -c ftp://ftp.mirrorservice.org/sites/ftp.mysql.com/Downloads/MySQL-5.1/mysql-5.1.60.tar.gz
Fig 1. Typical management configuration
MySQL Cluster is designed to be a High Availability, Fault Tolerant database where no single failure results in any loss of service.
This is however dependent on how the user chooses to architect the configuration – in terms of which nodes are placed on which physical hosts, and which physical resources each physical host is dependent on (for example if the two blades containing the data nodes making up a particular node group are cooled by the same fan then the failure of that fan could result in the loss of the whole database).
Of course, there’s always the possibility of an entire data center being lost due to earthquake, sabotage etc. and so for a fully available system, you should consider using asynchronous replication to a geographically remote Cluster.
Fig 1. illustrates a typical small configuration with one or more data nodes from different node groups being stored on two different physical hosts and a management node on an independent machines (probably co-located with other applications as its resource requirements are minimal. If any single node (process) or physical host is lost then service can continue.
MySQL Master-Master replication adds speed and redundancy for active websites. With replication, two separate MySQL servers act as a cluster. Database clustering is particularly useful for high availability website configurations. Use two separate Linodes to configure database replication, each with private IPv4 addresses.
This guide is written for a non-root user. Commands that require elevated privileges are prefixed with
sudo. If you’re not familiar with thesudocommand, you can check our Users and Groups guide.This guide is written for Debian 7 or Ubuntu 14.04.