sugarScc commented on issue #8817: URL: https://github.com/apache/apisix/issues/8817#issuecomment-1425459584
> > > @sugarScc IMHO, auditing and constraints on SQL should be application-level requirements and probably should not be implemented based on TCP/UDP proxies. > > > > > > yes, we have another service to check whether the SQL is correct in application-level, the point is, when we find the SQL is malicious, can we break the TCP connection in apisix? > > We have a lot of things to do on APISIX if we want to intercept bad SQLs. > > 1. How did we analyze the MySQL protocol? How can we know if we get a complete SQL statement if we don't do this? In other words, how can we detect the protocol boundary? > 2. How to communicate with the external service? Which protocols? Retry? Timeout? How to handle these stuff? > > Anyway, you can develop such a feature if you want, but it doesn't like a standard feature. Got it, but if I assume that I have addressed those issue, and now I have following abilities: 1. able to find the bad SQLs; 2. able to communicate with external service. And now I only need one extra ability to implement this feature: 1. able to disconnect the TCP connection And I noticed we can delay one TCP connection when using xrpc(redis), does this mean we are able to close the TCP connection? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
