Saturday, May 26, 2007

Our First Project Meeting

Well, I have to say, Skype is a piece of crap. Between the abysmal sound quality/compression artifacting and the compatibility issues with my Gentoo install, we had a nightmare trying to communicate, eventually resorting to text chat.

I think we clarified a few ideas during this session, mostly spec-related but with one or two interesting ideas cropping up.

One notable thought was local auditing; how do we watch local administrators' queries? We can't capture packets from their session since they're working on the server itself, so what can we do? This may involve a whole other branch of code that allows us to send local server events to the auditing server for storage and flagging. I'm not entirely sure how we're supposed to sit between the user and the MySQL server, especially if the user is a domain/local administrator and has some determination not to get caught!

Another interesting thought was rules; flagging certain queries depending on their content, preferably based on some modular set of parameters that we can change on the fly. I'm thinking up a nice multi-threaded model for this at the moment. I'll have to go and look up pthread again to get the specifics on mutex usage for this one, but I'm pretty certain it's doable. A polling model may be necessary in order to detect the addition of new parameters/rules, however, if we're to assume that they're added through the admin interface to the auditing database itself. I think there are some MySQL trigger-like options that could be used here.

Definitely looking forward to the next meeting and to getting some serious coding done; these distributed-type apps are always a laugh. I'm looking forward to getting my teeth into the MySQL C API specifically, since I've only really used the MySQL++ library up until now and that's a bit limited.

I'm hoping that I'll be able to get involved with the design of the admin interface at some point, and that Umair will throw some ideas my way regarding the query interpretation module, adding a nice bit of overlap to our work. I think an interface based on Ajax design principles would be ideal, and not very difficult to implement if we were to write the PHP database-query functions first and the actual display afterwards. We'll see though...
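The rules idea in this post (content-based flagging, a rule set changed on the fly, a mutex shared between threads, a poller that picks up new rules), sketched as an added example that is not part of the original blog or the project's code. All names are hypothetical, rules are assumed to be plain substrings, and the poller's query against the auditing database is left out: `rules_reload` is what it would call once it sees a newer version.

```c
/* Added example: all names are hypothetical, not the project's code. */
#include <ctype.h>
#include <pthread.h>
#include <stdio.h>
#include <string.h>
#define MAX_RULES 16
struct rule { int id; char needle[64]; };   /* flag queries containing needle */
static struct rule rules[MAX_RULES];
static int n_rules;
static unsigned long rules_version;         /* version of the set in memory */
static pthread_mutex_t rules_lock = PTHREAD_MUTEX_INITIALIZER;

/* Case-insensitive substring test: SQL keywords arrive in any case. */
static int contains_ci(const char *hay, const char *needle) {
    for (; *hay; hay++) {
        size_t i = 0;
        while (needle[i] && tolower((unsigned char)hay[i]) ==
                            tolower((unsigned char)needle[i])) i++;
        if (!needle[i]) return 1;
    }
    return 0;
}

/* Poller side: swap in a set only if newer. 1 = swapped, 0 = stale, -1 = too big. */
int rules_reload(const struct rule *fresh, int n, unsigned long version) {
    int swapped = 0;
    if (n < 0 || n > MAX_RULES) return -1;
    pthread_mutex_lock(&rules_lock);
    if (version > rules_version) {
        memcpy(rules, fresh, (size_t)n * sizeof *fresh);
        n_rules = n; rules_version = version; swapped = 1;
    }
    pthread_mutex_unlock(&rules_lock);
    return swapped;
}

/* Worker side: id of the first matching rule, or 0 for no flag. */
int query_flag(const char *query) {
    int hit = 0;
    pthread_mutex_lock(&rules_lock);
    for (int i = 0; i < n_rules && !hit; i++)
        if (contains_ci(query, rules[i].needle)) hit = rules[i].id;
    pthread_mutex_unlock(&rules_lock);
    return hit;
}

int main(void) {
    const struct rule set[] = { {1, "drop table"}, {2, "mysql.user"} }; /* constructed */
    rules_reload(set, 2, 1);
    printf("%d\n", query_flag("SELECT host FROM mysql.user"));
    return 0;
}
```

Holding the lock for the whole scan means a worker never sees a half-copied rule set; the version check keeps a slow poller from overwriting a newer set with a stale one.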

Thursday, May 24, 2007

Entry the First

Well, there hasn't been any actual coding work done yet; this is just the project setup phase. This blog is connected to the Google Summer of Code 2007 Project "MySQL Auditing Software"; the project page can be found at this link.

The project team is composed of myself, Umair Mehmood and the project mentor, Sheeri Kritzer. We'll be holding a conference call this Friday on Skype in order to exchange notes and design ideas.

I already have a fair idea of how this software can be designed. Based on discussions with the project team members and research done into similar products, I believe that a design based on passive packet capture is a good way to go. The resulting captured data can then be interpreted and reformed in whatever way we see fit before being passed on to the database servers.