Re: mysql network security

2003-11-06 Thread Doug Clements
On Thu, Nov 06, 2003 at 11:41:54AM -0600, Andrew Falgout wrote:
 Does anyone know of a method for encrypting the network traffic to and from a mysql 
 database running on Redhat ES 2.1?  At the moment, only perl automation and php web 
 pages are accessing the database.

You could tunnel your connections over an ssh tunnel, or set up an ipsec tunnel.

--Doug

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]



Re: mysql network security

2003-11-06 Thread Doug Clements
Well, you would only need to set up a single ssh tunnel. All your different apps could 
then use the single tunnel. You could even set up RSA authentication so that it could 
start manually with no password entering required. Have it automatically come up on 
boot, etc.

MySQL has no encryption built-in, as far as I know. I would be surprised if it did. 
The correct way would be to use an established mechanism for secure communications 
such as ssh or ipsec instead of re-implementing basically the same thing in the 
application. I would not so much recommend pptp. SSH would likely be much easier to 
set up (especially if you're already using unix-like machines on both the client and 
server) and definitely more secure. IPSEC would also be significantly more difficult, 
but you wouldn't have to worry so much about the secure session going down.

--Doug

On Thu, Nov 06, 2003 at 12:12:14PM -0600, Andrew Falgout wrote:
 Thanks for the quick response.  I've never set up an ipsec before.  I have
 been toying with the idea of using cipe to create a PPTP virtual network for
 the server to talk on.  But the time to work on this project has not
 presented itself as of yet.  I was wondering if there was an interface
 within mysql that would allow for encrypted traffic.  The majority of my
 connections are cron jobs doing automated tasks, an ssh connection feels
 icky. (Yes.. a technical term)
 
 - Original Message - 
 From: Doug Clements [EMAIL PROTECTED]
 To: Andrew Falgout [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Sent: Thursday, November 06, 2003 12:03 PM
 Subject: Re: mysql network security
 
 
  On Thu, Nov 06, 2003 at 11:41:54AM -0600, Andrew Falgout wrote:
   Does anyone know of a method for encrypting the network traffic to and
   from a mysql database running on Redhat ES 2.1?  At the moment, only perl
   automation and php web pages are accessing the database.
 
  You could tunnel your connections over an ssh tunnel, or set up an ipsec
  tunnel.
 
  --Doug
 
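The single shared tunnel with key-based, unattended start that the reply above describes, sketched as an added example (not code from the thread). The host name, account, key path and local port 3307 are assumptions, and the `restrict` key option assumes a current OpenSSH.

```shell
#!/bin/sh
# Added example: one persistent SSH local forward shared by every MySQL client
# on this machine. Host, account and key path are placeholders (assumptions).
DB_HOST="db.example.internal"           # placeholder: host running mysqld
TUNNEL_USER="mysqltunnel"               # placeholder: unprivileged account on DB_HOST
KEY_FILE="/etc/mysql-tunnel/id_tunnel"  # placeholder: passphrase-less key, used only here
LOCAL_PORT=3307                         # clients connect to 127.0.0.1:3307
REMOTE_PORT=3306                        # mysqld as seen from DB_HOST itself

# tunnel echo  -> print the ssh command line for inspection
# tunnel       -> run it in the foreground
tunnel() {
    runner=${1:-}
    # -N: no remote command, forwarding only.
    # BatchMode: never prompt, so a cron/boot start fails instead of hanging.
    # ExitOnForwardFailure: exit if the local port cannot be bound.
    # ServerAlive*: notice a dead session within about 90 seconds.
    # Binding to 127.0.0.1 keeps the forwarded port off the local network.
    $runner ssh -N \
        -i "$KEY_FILE" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -L "127.0.0.1:${LOCAL_PORT}:127.0.0.1:${REMOTE_PORT}" \
        "${TUNNEL_USER}@${DB_HOST}"
}

# Entry for the tunnel account's authorized_keys on DB_HOST ($1 = public key).
# "restrict" disables pty, agent and X11 forwarding; port-forwarding plus
# permitopen then allow only a forward to the MySQL port. Give the account a
# nologin shell as well so the key cannot be used to run commands.
authorized_keys_line() {
    printf 'restrict,port-forwarding,permitopen="127.0.0.1:%s" %s\n' "$REMOTE_PORT" "$1"
}

# Restart loop for an init script or supervisor: bring the tunnel back after drops.
run_tunnel() {
    while :; do
        tunnel
        echo "mysql tunnel exited (status $?), retrying in 10s" >&2
        sleep 10
    done
}

if [ "${1:-}" = "run" ]; then
    run_tunnel
fi
```

Point the Perl and PHP clients at host 127.0.0.1, port 3307; the name `localhost` makes the MySQL client library use the Unix socket instead of the tunnel.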



Warning: thr_alarm queue is full errors and panic with invalid backtrace

2003-07-17 Thread Doug Clements
Description:
I'm running mysql in a 3 server configuration, with 2 servers being slaves
to the first. I'm running vpopmail, which means a connection every incoming
mail and every check. I woke up this morning to a mysql that wasn't
answering connections, and that had left this in the log:

030716 13:48:06  InnoDB: Started
mysqld got signal 11;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help
diagnose
the problem, but since we have already crashed, something is definitely
wrong
and this may fail.

key_buffer_size=8388600
read_buffer_size=131072
Fatal signal 11 while backtracing
030716 13:48:07  mysqld restarted

Before this, I got thousands of these:
Warning: thr_alarm queue is full

I checked the logs of the other 2 replication clients, and they also had the
alarm queue error, and were also sucking up large resources. I was not able
to connect to them, either.

Before those, both replication clients had this logged:
030716 13:42:45  Slave: received 0 length packet from server, apparent
master shutdown:
030716 13:42:45  Slave I/O thread: Failed reading log event, reconnecting to
retry, log 'courtney-bin.016' position 38236125
030716 13:42:45  Slave I/O thread: error reconnecting to master
'[EMAIL PROTECTED]:3306': Error: 'Can't connect to MySQL
server on 'ip-address-changed' (61)'  errno: 2003  retry-time: 10  retries:
86400


How-To-Repeat:
I'm not sure what is triggering this. I was hoping the backtrace might help
on that, but crashing while getting a backtrace isn't exactly promising. I
have done some small amount of tuning, which involves setting the
max_connections to 500 and max_connect_errors to 50, on all machines. The
binary log on the master server is rotated nightly and kept around for about
a week.

Fix:
Unknown. I restarted all 3 mysqld processes and it seems to be going ok now.

Submitter-Id: submitter ID
Originator: User 
Organization:

MySQL support: none
Synopsis: Warning: thr_alarm queue is full errors and panic with invalid
backtrace
Severity: serious
Priority: medium
Category: mysql
Class: sw-bug
Release: mysql-4.0.13 (FreeBSD port: mysql-server-4.0.13_1)
Server: /usr/local/bin/mysqladmin  Ver 8.40 Distrib 4.0.13, for
portbld-freebsd4.8 on i386
Copyright (C) 2000 MySQL AB  MySQL Finland AB  TCX DataKonsult AB
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL license

Server version 4.0.13-log
Protocol version 10
Connection Localhost via UNIX socket
UNIX socket /tmp/mysql.sock
Uptime: 23 min 12 sec

Threads: 11  Questions: 37671  Slow queries: 0  Opens: 42  Flush tables: 1
Open tables: 36  Queries per second avg: 27.062
C compiler:2.95.4
C++ compiler:  2.95.4
Environment:

System: FreeBSD courtney.linkline.com 4.8-RELEASE FreeBSD 4.8-RELEASE #2:
Fri Jun 20 11:39:35 PDT 2003
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/COURTNEY  i386


Some paths:  /usr/bin/perl /usr/bin/make /usr/local/bin/gmake /usr/bin/gcc
/usr/bin/cc
GCC: Using builtin specs.
gcc version 2.95.4 20020320 [FreeBSD]
Compilation info: CC='cc'  CFLAGS='-O -pipe  -O3 -fno-omit-frame-pointer'
CXX='cc'

CXXFLAGS='-O -pipe  -O3 -fno-omit-frame-pointer -felide-constructors -fno-rtti -fno-exceptions'  LDFLAGS=''  ASFLAGS=''
LIBC:
-r--r--r--  1 root  wheel  1223544 Jun 20 14:26 /usr/lib/libc.a
lrwxr-xr-x  1 root  wheel  9 Jun 20 14:26 /usr/lib/libc.so -> libc.so.4
-r--r--r--  1 root  wheel  577872 Jun 20 14:26 /usr/lib/libc.so.4
Configure command: ./configure '--localstatedir=/var/db/mysql'
'--without-debug' '--without-readline' '--without-bench'
'--without-extra-tools' '--with-libwrap' '--with-mysqlfs' '--with-vio'
'--with-low-memory' '--with-comment=FreeBSD port: mysql-server-4.0.13_1'
'--enable-thread-safe-client' '--enable-assembler' '--with-berkeley-db'
'--prefix=/usr/local' '--build=i386-portbld-freebsd4.8'
CFLAGS=-O -pipe  -O3 -fno-omit-frame-pointer' 'CXX=cc'
'build_alias=i386-portbld-freebsd4.8' 'CC=cc'
'CXXFLAGS=-O -pipe  -O3 -fno-omit-frame-pointer -felide-constructors -fno-rtti -fno-exceptions'
Perl: This is perl, version 5.005_03 built for i386-freebsd


