Sriram Sanka – My Experiences with Databases & More

Oracle-MySQL-SQL SERVER-Python-Azure-AWS-Oracle Cloud-GCP etc



    The experiences, test cases, views, and opinions expressed on this website are my own and do not reflect the views or opinions of my employer. This site is independent of and does not represent Oracle Corporation in any way. Oracle does not officially sponsor, approve, or endorse this site or its content. Product and company names mentioned on this website may be the trademarks of their respective owners.

Archive for December, 2021

Few More Additions to the List

Posted by Sriram Sanka on December 27, 2021


Posted in Uncategorized

Log4j Zero-Day RCE (CVE-2021-44228) Vulnerability

Posted by Sriram Sanka on December 11, 2021


I came to know about this critical vulnerability last night. The information below is the same as the original post by Red Hat (https://access.redhat.com/security/cve/cve-2021-44228); I am posting it as it is because I think it is clearer on their page, in their words.

Description

A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0-beta9 up to and including 2.14.1. This could allow a remote attacker to execute code on the server if the system logs an attacker-controlled string value with the attacker’s JNDI LDAP server lookup.

Statement

This issue only affects log4j versions between 2.0 and 2.14.1. In order to exploit this flaw you need:

  • A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,
  • A log statement in the endpoint that logs the attacker-controlled data.

Due to the existence of JMS Appender which can use JNDI in the log4j 1.x, it is possible that log4j version 1.x is also affected by this vulnerability. The impact is still under investigation.

Mitigation

There are two possible mitigations for this flaw in versions from 2.10 to 2.14.1:
– Set the system property log4j2.formatMsgNoLookups to true, or
– Remove the JndiLookup class from the classpath. For example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class

Possible Workaround:

To mitigate the vulnerability, users should set log4j2.formatMsgNoLookups to true by adding "-Dlog4j2.formatMsgNoLookups=True" to the JVM command that starts the application.

The latest log4j API can be downloaded from https://logging.apache.org/log4j/2.x/download.html
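
An added example (not from the original post or from Red Hat): a Python check that verifies the second mitigation above by reporting every log4j-core copy inside an archive, including jars nested in a WAR or fat jar, and whether JndiLookup.class is still present. The function names, the constructed sample archives, and reading the version from the Maven pom.properties entry are assumptions of this example.

```python
import io
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Maven metadata shipped inside log4j-core jars; used here to read the version.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")


def scan_archive(data, label, depth=0, max_depth=4):
    """Return one finding per log4j-core copy in the archive bytes, following nested archives."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a readable archive: nothing to report
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace").splitlines()
            version = next((p.split("=", 1)[1].strip() for p in props
                            if p.startswith("version=")), "unknown")
            findings.append({"path": label, "version": version,
                             "jndi_lookup_present": JNDI_CLASS in names})
        elif JNDI_CLASS in names:
            # Shaded or repackaged copy that carries no Maven metadata.
            findings.append({"path": label, "version": "unknown",
                             "jndi_lookup_present": True})
        if depth < max_depth:  # bound recursion into nested archives
            for name in sorted(names):
                if name.lower().endswith(ARCHIVE_EXT):
                    findings += scan_archive(zf.read(name), f"{label}!/{name}",
                                             depth + 1, max_depth)
    return findings


def make_jar(entries):
    """Build a constructed in-memory archive from {name: bytes} (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    core = make_jar({POM_PROPS: b"version=2.14.1\n", JNDI_CLASS: b"\xca\xfe\xba\xbe"})
    stripped = make_jar({POM_PROPS: b"version=2.14.1\n"})  # class removed with zip -d
    app = make_jar({"WEB-INF/lib/log4j-core-2.14.1.jar": core,
                    "WEB-INF/lib/patched.jar": stripped})
    for finding in scan_archive(app, "app.war"):
        print(finding)
```

To scan a real file, pass its bytes, for example scan_archive(open(path, "rb").read(), path).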

Sources:

https://access.redhat.com/security/cve/cve-2021-44228

https://www.zdnet.com/article/security-warning-new-zero-day-in-the-log4j-java-library-is-already-being-exploited/

https://www.lunasec.io/docs/blog/log4j-zero-day/

https://www.veracode.com/blog/security-news/urgent-analysis-and-remediation-guidance-log4j-zero-day-rce-cve-2021-44228

Posted in Security

MySQL Load Data Statement – Performance

Posted by Sriram Sanka on December 10, 2021


As mentioned in the MySQL documentation at https://dev.mysql.com/doc/refman/8.0/en/load-data.html:

The LOAD DATA statement reads rows from a text file into a table at a very high speed. The file can be read from the server host or the client host, depending on whether the LOCAL modifier is given. LOCAL also affects data interpretation and error handling.

Let's run a quick test!

Loading the data into a table in the local database using MySQL Workbench took around 35 min (2098.781 sec) for 35K records.

Now let's truncate the table and reload the data using the LOAD DATA statement.

BOOM! Job done within 2 sec.

Posted in LoadTest, MySql, Performance

Error using MySQL Workbench – unhandled exception list index out of range.

Posted by Sriram Sanka on December 10, 2021


While loading data using MySQL Workbench, you may hit the error "unhandled exception list index out of range".

There are no clues in the Workbench log files. In such cases you can load the data using the MySQL LOAD DATA statement, which loads the data very fast and without errors.

mysql> LOAD DATA LOCAL INFILE "C:/Patient.csv"
-> INTO TABLE xxhc_patient
-> FIELDS TERMINATED BY ','
-> ENCLOSED BY '"'
-> LINES TERMINATED BY '\n'
-> IGNORE 1 ROWS;
Query OK, 58 rows affected, 232 warnings (0.04 sec)
Records: 58 Deleted: 0 Skipped: 0 Warnings: 232

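If you get either of the following errors, run the commands below and re-execute the LOAD DATA statement. The first command enables local_infile on the server; the second starts the client with it enabled.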

ERROR: Loading local data is disabled - this must be enabled on both the client and server sides

ERROR 2068 (HY000): LOAD DATA LOCAL INFILE file request rejected due to restrictions on access.

mysql> SET GLOBAL local_infile=1;

mysql --local_infile=1 -u<username> -p<Password> DB_NAME

Posted in MySql

 