MySqlConnector icon indicating copy to clipboard operation
MySqlConnector copied to clipboard

Published 20 hours ago verified publisher icon mysql-net

Verify server ID before KILL QUERY to prevent cross-server cancellation

Open Copilot opened this issue 4 months ago • 0 comments

In layer 4 load-balanced MySQL environments, MySqlCommand.Cancel could potentially cancel queries on the wrong server if connection IDs are reused across different MySQL servers. The original implementation only used IP address connection targeting, but this may not be sufficient in complex load-balanced scenarios.

Solution

This PR adds server identity verification using MySQL's @@server_uuid and @@server_id system variables to ensure KILL QUERY commands target the correct server.

Key Changes

  1. Server Identification Storage

    • Added ServerUuid and ServerId properties to ServerSession
    • Server UUID is preferred (more unique) over server ID
    • Falls back to server ID for MySQL versions < 5.6

  2. Connection Enhancement

    • Added GetServerIdentificationAsync() to query server identification during connection establishment
    • Queries SELECT @@server_uuid, @@server_id (MySQL 5.6+) or SELECT @@server_id (older versions)
    • Robust error handling with graceful fallback

  3. Cancellation Verification

    • Modified DoCancel() to verify server identity before executing KILL QUERY
    • Aborts cancellation with warning log if server identities don't match
    • Maintains backward compatibility when no identification is available

Example Scenarios

Same server (allowed):

Original connection: Server UUID=abc-123, Server ID=1
Kill connection:     Server UUID=abc-123, Server ID=1
Result: ✓ KILL QUERY executed

Different server (blocked):

Original connection: Server UUID=abc-123, Server ID=1  
Kill connection:     Server UUID=def-456, Server ID=2
Result: ✗ Cancellation aborted, warning logged

Compatibility

  • ✅ No breaking changes to existing APIs
  • ✅ Backward compatible with older MySQL versions
  • ✅ Graceful handling of unsupported server variables
  • ✅ Existing code requires no modifications

Testing

  • Added comprehensive unit tests for server identity verification logic
  • Added integration tests for end-to-end cancellation behavior
  • Validated backward compatibility with older MySQL versions
  • Tested error handling and fallback scenarios

The implementation ensures KILL QUERY commands are safe and reliable in load-balanced MySQL environments while maintaining full backward compatibility.

Fixes #1574.

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

Copilot avatar Jun 25 '25 21:06 Copilot