Does MySQL Router offer any protection of MySQL-DBs behind it?

Question

I recently stumbled upon MySQL Router. Its documentation defines it's purpose as follows:

MySQL Router is part of InnoDB cluster, and is lightweight middleware that provides transparent routing between your application and back-end MySQL Servers.

As I could not find any Information about the inner workings of it, I was wondering if it can be compared to a Load Balancer or Reverse Proxy in the HTTP world.

As Reverse Proxies are often used to add another security layer to your web application, I'd like to know, if this is something, that MySQL router could also achieve (unintentionally).

yes the MySQL Router does indeed hide the ip adresses/hostnames from the MySQL server(s). — Raymond Nijland, Aug 25 '19 at 17:51

score 1 · Accepted Answer · answered Aug 19 '19 at 13:11

Maybe and only for DoS attacks. I see it's only like a load balancer. For some extra security I would advice ProxySQL and then implement similar approach to https://www.percona.com/blog/2016/08/23/how-to-stop-an-offending-query-with-proxysql/ .

Explanation:

For databases main worst attack vector is SQL injection so routing/load balancing queries won't make any difference but blocking a query is much more better.

Best practice is to log every query and alert on some suspicion. Best case to use WAF but here ProxySQL acts like a database WAF.

Does MySQL Router offer any protection of MySQL-DBs behind it?

1 Answers1