Comments (7)
Nice catch.
(but you will have to move the keys into AcraServer’s key storage manually).
This row is not relevant and incorrect. We will remove it. acra-poisonrecordmaker generates a poison record that you should place into your storage. If you didn't generate keys for poison records, this tool will generate them automatically. By default it will place them in the .acrakeys folder using the specified ACRA_MASTER_KEY. So, if you run acra-poisonrecord that is configured to use acra-server's keystore, then you don't need to do anything more.
But you should keep in mind that the tool generates a binary poison record encoded in base64 to print it to stdout. But storages use binary format: PostgreSQL uses bytea, MySQL BINARY/BLOB. So you need to decode the base64 output and save the poison record into the db in binary format.
from acra.
So I need to run acra-poisonrecordmaker, base64-decode the output and store it in the database?
In case of MySQL, are the following commands the right way to place a poison record?
acra-poisonrecordmaker
JSUl2wAAAAAAAADxIiIiIiIiIiJVRUMyAAAALTls2DQDONAG1vIFH/KyTqZzUFXlHzPRN9rVxoREcOIsDh0i8ScgJwQmVAAAAAABAUAMAAAAEAAAACAAAADqxJKo+kJ9oNUn6bI9WKaPJSaIx1hm9TG7AtkzgBYyGJ1jaTNSlA385Rf7wGnNLPE+mpZhAldNc6cLn00+AAAAAAAAAAABAUAMAAAAEAAAABIAAABnESuzeVeVfsNUlsyRmA2ezKkOVpKRhvCzxv6NTAAxkafxOWdM119lnJw0ghT4
INSERT INTO users (user_id,password) VALUES (994, FROM_BASE64('JSUl2wAAAAAAAADxIiIiIiIiIiJVRUMyAAAALTls2DQDONAG1vIFH/KyTqZzUFXlHzPRN9rVxoREcOIsDh0i8ScgJwQmVAAAAAABAUAMAAAAEAAAACAAAADqxJKo+kJ9oNUn6bI9WKaPJSaIx1hm9TG7AtkzgBYyGJ1jaTNSlA385Rf7wGnNLPE+mpZhAldNc6cLn00+AAAAAAAAAAABAUAMAAAAEAAAABIAAABnESuzeVeVfsNUlsyRmA2ezKkOVpKRhvCzxv6NTAAxkafxOWdM119lnJw0ghT4'));
from acra.
You didn't decode the base64 output. If you want to store it with an INSERT query, then decode base64 to binary, then encode to hex:
echo -n 'JSUl2wAAAAAAAADxIiIiIiIiIiJVRUMyAAAALTls2DQDONAG1vIFH/KyTqZzUFXlHzPRN9rVxoREcOIsDh0i8ScgJwQmVAAAAAABAUAMAAAAEAAAACAAAADqxJKo+kJ9oNUn6bI9WKaPJSaIx1hm9TG7AtkzgBYyGJ1jaTNSlA385Rf7wGnNLPE+mpZhAldNc6cLn00+AAAAAAAAAAABAUAMAAAAEAAAABIAAABnESuzeVeVfsNUlsyRmA2ezKkOVpKRhvCzxv6NTAAxkafxOWdM119lnJw0ghT4' | base64 -d | xxd -ps -c 2000 | tr -d '\n'
You will get:
252525db00000000000000f12222222222222222554543320000002d396cd8340338d006d6f2051ff2b24ea6735055e51f33d137dad5c6844470e22c0e1d22f1272027042654000000000101400c0000001000000020000000eac492a8fa427da0d527e9b23d58a68f252688c75866f531bb02d933801632189d63693352940dfce517fbc069cd2cf13e9a966102574d73a70b9f4d3e00000000000000000101400c000000100000001200000067112bb37957957ec35496cc91980d9ecca90e56929186f0b3c6fe8d4c003191a7f139674cd75f659c9c348214f8
Then, according to the MySQL docs, you can send it as a hexadecimal literal:
INSERT INTO users (user_id,password) VALUES (994, FROM_BASE64(X'252525db00000000000000f12222222222222222554543320000002d396cd8340338d006d6f2051ff2b24ea6735055e51f33d137dad5c6844470e22c0e1d22f1272027042654000000000101400c0000001000000020000000eac492a8fa427da0d527e9b23d58a68f252688c75866f531bb02d933801632189d63693352940dfce517fbc069cd2cf13e9a966102574d73a70b9f4d3e00000000000000000101400c000000100000001200000067112bb37957957ec35496cc91980d9ecca90e56929186f0b3c6fe8d4c003191a7f139674cd75f659c9c348214f8'));
from acra.
Unfortunately the INSERT query returns an error:
ERROR 1958 (HY000): Bad base64 data as position 0
Can you provide a minimal working example? The documentation is all about creating the record and not about storing it in a database table.
Thanks!
from acra.
I missed that your example contained FROM_BASE64(...). Use your variant
INSERT INTO users (user_id,password) VALUES (994, FROM_BASE64('JSUl2wAAAAAAAADxIiIiIiIiIiJVRUMyAAAALTls2DQDONAG1vIFH/KyTqZzUFXlHzPRN9rVxoREcOIsDh0i8ScgJwQmVAAAAAABAUAMAAAAEAAAACAAAADqxJKo+kJ9oNUn6bI9WKaPJSaIx1hm9TG7AtkzgBYyGJ1jaTNSlA385Rf7wGnNLPE+mpZhAldNc6cLn00+AAAAAAAAAAABAUAMAAAAEAAAABIAAABnESuzeVeVfsNUlsyRmA2ezKkOVpKRhvCzxv6NTAAxkafxOWdM119lnJw0ghT4'));
or mine without FROM_BASE64
INSERT INTO users (user_id,password) VALUES (994, X'252525db00000000000000f12222222222222222554543320000002d396cd8340338d006d6f2051ff2b24ea6735055e51f33d137dad5c6844470e22c0e1d22f1272027042654000000000101400c0000001000000020000000eac492a8fa427da0d527e9b23d58a68f252688c75866f531bb02d933801632189d63693352940dfce517fbc069cd2cf13e9a966102574d73a70b9f4d3e00000000000000000101400c000000100000001200000067112bb37957957ec35496cc91980d9ecca90e56929186f0b3c6fe8d4c003191a7f139674cd75f659c9c348214f8');
Both should work. You just need to save the binary value in the proper way for your database.
If you want an example, please provide a reproducible environment ready to run and extension. Some docker-compose with working mysql, generated keys, configured acra-server to work with this database, generated poison record and dumped into some file and entrypoint that has access to the database and this poison record in the file. It will help not to spend much time reproducing your environment to write 1 valid SQL query.
from acra.
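Added example (not from the thread or from Acra's code): a Python helper that turns the base64 output of acra-poisonrecordmaker into the INSERT discussed above, and shows why wrapping the hex literal in FROM_BASE64() is rejected. The sample value is a constructed 12-byte prefix, not a usable poison record; the function names are illustrative, and the PostgreSQL form goes beyond the MySQL case in the thread.

```python
import base64
import binascii

# Constructed sample: a 12-byte prefix only, NOT a usable poison record.
SAMPLE_B64 = "JSUl2wAAAAAAAADx"


def decode_record(b64_text: str) -> bytes:
    """Strictly decode the tool's base64 stdout into the raw record bytes."""
    return base64.b64decode(b64_text.strip(), validate=True)


def mysql_insert(b64_text: str, row_id: int) -> str:
    """Hex literal X'..' for a BINARY/BLOB column; no FROM_BASE64 around it."""
    hex_value = decode_record(b64_text).hex()
    return ("INSERT INTO users (user_id,password) "
            f"VALUES ({int(row_id)}, X'{hex_value}');")


def postgres_insert(b64_text: str, row_id: int) -> str:
    """Same bytes for a bytea column, via decode(<hex>, 'hex')."""
    hex_value = decode_record(b64_text).hex()
    return ("INSERT INTO users (user_id,password) "
            f"VALUES ({int(row_id)}, decode('{hex_value}', 'hex'));")


def from_base64_would_fail(b64_text: str) -> bool:
    """True if the decoded bytes are not base64 themselves, which is what
    FROM_BASE64(X'..') asks the server to decode a second time."""
    try:
        base64.b64decode(decode_record(b64_text), validate=True)
    except binascii.Error:
        return True
    return False


def stored_matches(b64_text: str, hex_from_db: str) -> bool:
    """Compare the tool output with SELECT HEX(password) for the inserted row."""
    return decode_record(b64_text) == bytes.fromhex(hex_from_db.strip())


if __name__ == "__main__":
    print(mysql_insert(SAMPLE_B64, 994))
    print(postgres_insert(SAMPLE_B64, 994))
    print("FROM_BASE64(X'..') rejected:", from_base64_would_fail(SAMPLE_B64))
```

The raw record starts with the bytes 0x25 0x25 0x25 ("%%%"), which are outside the base64 alphabet, so a second base64 decode fails on the very first byte.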
OK, got it. I have now inserted a poison record into the users table.
Next, I start the acra-server with poison_detect_enable:
acra-server --mysql_enable=true --db_host=10.5.1.95 --db_port=3306 --incoming_connection_string=tcp://0.0.0.0:3306 -v --poison_detect_enable=true --poison_shutdown_enable=true
Now, when a client requests SELECT * FROM users; it receives the full table including the poison record. The log file of acra-server does not warn or shut down.
Do I have to include acra-censor to make poison record detection work? Thanks for your help.
from acra.
Do I have to include acra-censor to make poison record detection work?
No, you don't need to.
We tested it locally with MySQL and poison records, with your flags, and it all still works. Plus, we have integration tests that do the same.
If you are still having problems, please provide a docker-compose file that reproduces your environment with all params and steps that you do.
You can find our docker-compose examples in our engineering demos for acra-server that depend on key generation and databases. An example of how we do it for a Python script.
from acra.