I want to start by saying that I have never used Apache Ignite and only briefly played around with H2. I have a client who uses Ignite and in their own code they interact with the H2 database in Ignite. The code is very complex so it's hard for me to explain exactly what their code uses the H2 database for but I believe it to be irrelevant to the question.
Through an SQL injection it was possible to execute H2 functions such as "FILE_WRITE" and "FILE_READ". The H2 database appears to be running the SA account and is also running as root which made it possible to overwrite sensitive files on the system.
If we ignore the fact that there is an SQL injection that obviously needs fixing, can the SA account for H2 in Ignite be changed to a low privileged user to stop the usage of the FILE_READ and FILE_WRITE functions?
If Ignite is run as root, then I assume H2 is run as root as well in the system? Is it correct to assume that it is the Ignite process that needs to be downgraded to a low privileged account for H2 to not be run as root as well?
I currently do not have access to the system in question but it has been requested, but I know for a fact that FILE_WRITE could be used, and that a sensitive file could be overwritten (that was only writable by root).
Not a direct answer to your question, but this is fixed in Apache Ignite 2.8.1. See the announcement.
And yes, don't run Ignite as "root" for exactly the reason you suggest.
Related
I have a Java Spring project which does a lot of database reading. The database I have available is a shared postgresql database on a remote machine and it's quite slow to get data from it, especially when I'm doing a lot of back-and-forth.
When I'm doing local testing and development, I use the embedded H2 in-memory database. Things easily go 100 times faster.
This made me wonder. Is there a way to use the embedded H2 in-memory database so that:
Data manipulation (INSERT, UPDATE, DELETE) is ("eventually") replicated to the PostgreSQL database
Upon start/restart of the Spring project, the H2 database is automatically filled with the data of the PostgreSQL server
This would allow me to use the fast H2 to provide a seamless user experience while at the same time also storing the data in a longer-term data storage. In a way, I'd be using the H2 as a fully cached version of the PostgreSQL database.
Is there a known / standardized way to approach this? Google for H2 and PostgreSQL and replication gives me results on transitioning from one to the other, but I'm not finding much as to using one as a sort of cache for the other.
I remain on the lookout for a Spring / JPA / Hibernate focused answer, but if none comes: I may have found an alternative domain to investigate. Dedicated database replication software might be able to manage this. Specifically, I've discovered SymmetricDS, which seems (I've only given the documentation a cursory glance) like it might be able to be embedded into my Spring application, do an initial load of my embedded in-memory H2 database on startup and then trickle feed data changes to the remote database.
(I'm not in any way affiliated with SymmetricDS, it just looks like it might be a solution.)
I have to deal with the following scenario for spring application with Oracle database:
Spring application uses the primary database. In the meantime the secondary database stores data for disaster recovery (from primary).
The first step is currently provided. At this moment I have to implement:
When the primary database gets offline application should change the connection to the secondary database).
The implementation should be programmatically. How can I achieve that without changing the code that currently exists? Is there any working solution (library)?
I think about AbstractRoutingDataSource and ping databases (e.g. every 5 seconds) but I'm not sure about this solution.
So, let's to summarize the issue. I was unable to use Oracle RAC (Real Application Cluster). If the implementation should be programmatically you can try AbstractRoutingDataSource approche.
I have implemented timer that pings current database every 1 second (you can use validation query and check if you can read from database... if no we assume there is no connection and we can switch a datasource).
Thanks to that I was able to change datasource on runtime when current datasource is offline. What is more important it was automatic.
On the other hand, there are disadvantages:
For short time user can see the errors if the database is not
switched yet.
Some part of application may stop working if it is not properly
secured against the lack of connection to the database.
We have multiple oracle schema which we want to import in to somekind of inmemory db so that when we run our integration test we can use that db and run our tests faster.
Is there anyway we this can be achieved using something like HSQL db. We are using spring framework and it does support inmemory db.
Any link to some resource would be highly appreciated.
Try force full database caching mode, if you're using 12.1.0.2. It's not exactly the same as a full in-memory database, but it should be closer.
alter database force full database caching;
In-memory database performance is over-rated anyway. Oracle's "old-fashioned" asynchronous IO and caching often work just fine. For example, in this question, accessing a temporary table (which is stored on disk) runs faster than an equivalent solution using in-memory data structures. And I've seen a small Oracle database handle petabytes of IO with the "boring" old buffer cache.
Or when you say "run our tests faster", are you referring to a more agile database; one that can be controlled by an individual, instead of the typical monolithic Oracle database installed on a server? I see that issue a lot, and there's no technical reason why Oracle can't be installed on your desktop. But that can be a tough cultural battle.
Yes, you can use HSQLDB for the purpose of unit testing - see this post for more information on how to integrate with Spring.
Also, see this list as a good starting point for different usages of HSQLDB.
My delayed job has something to do with exporting slightly edited version of most of the tables in the app's database, and while doing so, it is critical that none of the current data is being edited.
Is it possible to lock the entire database while running this delayed job?
More Information:
The database to be exported is in PostgreSQL, Heroku's postgresql database, to be more specific.
The flow is something like (all below should be done automatically by the code):
site would be put in maintenance mode,
freeze then export the database, then
when exporting is complete, re-activate the site back
Given there is not a lot of information with your question, I am going to answer you as best I can.
1) What is the database type and model? Is it a standalone DB like MS Access or Informix SE?
2) If not a standalone engine, does this database support replication. I used to work a lot with MS SQL Server, and replication had implications while the database was live and being edited. That is the implications were whether edited data was replicated. In this case, consult the docs. Is it an option to use replication to preserve the current database?
3) What kind of task is this? It sounds like maintenance. Our Informix SE databases lock when being imported or exported. On the production server, it is my job to make sure no local server applications are trying to access the locked DB, and that our external payments web site cannot interfere while the db is locked.
4) If this is a production site that is not in maintenance mode, then I suggest you probably do not want to lock an entire database.
I am sorry for not answering your question directly, but more information is needed like are you asking if this can be done from the Ruby DB interface on some model of db.
For MySQL, the MXJ connector makes it very easy to launch a managed MySQL instance.
I know that Oracle provides Oracle XE for quick setup, but I've only found an RPM distribution that needs to be installed. Is there a neatly packaged jar that I can just drop in the classpath and start up by calling a specific JDBC url, a la HSQLDB or MXJ?
I'm interested in having developers use this locally for running tests, as well as on our continuous integration server.
The short answer is No. Oracle is a big meaty chunk of database. Amongst other things, it generally expects itself to be run by its own special user rather than the client user.
For simplicity, your best bet is a separate DB server with each of your developers having their own username/password (and hence their own independent schema) in the database.
Although Oracle does not provide an embedded database, spinning up a local Docker container running Oracle XE might be an ideal way to accommodate Oracle-specific local integration tests. Since Docker containers are ephemeral in nature by design, the database could also be completely torn down as desired providing clean sandboxing.
The alexeiled/docker-oracle-xe-11g image on DockerHub I found has particularly clear setup and documentation instructions: https://hub.docker.com/r/alexeiled/docker-oracle-xe-11g/
After spinning up the Docker container, be sure to:
First connect to the APEX web console, login, as per the instructions
Then open Oracle SQL Developer and select Reset Password... first. Otherwise the following error may be thrown java.lang.ArithmeticException when attempting to get connection in Oracle 11.2.0.2.0 (64 bit)
As the documentation describes, the docker run command can also be designed to automatically run SQL scripts on the container's startup, which could also be very valuable in the CI/integration testing workflow.
Hope this helps!