1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
|
<?xml version="1.0" encoding="utf-8"?>
<!-- $Revision: 325471 $ -->
<book xml:id="book.mysqlnd-uh" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
<title>Mysqlnd user handler plugin</title>
<titleabbrev>mysqlnd_uh</titleabbrev>
<preface xml:id="intro.mysqlnd-uh">
&reftitle.intro;
<para>
The mysqlnd user handler plugin (<literal>mysqlnd_uh</literal>)
allows users to set hooks for most internal calls of the
MySQL native driver for PHP
(<literal><link linkend="book.mysqlnd">mysqlnd</link></literal>).
Mysqlnd and its plugins, including PECL/mysqlnd_uh, operate on a layer
beneath the PHP MySQL extensions. A mysqlnd plugin can be considered
as a proxy between the PHP MySQL extensions and the MySQL server
as part of the PHP executable on the client-side. Because the plugins
operates on their own layer below the PHP MySQL extensions,
they can monitor and change application actions without requiring
application changes. If the
PHP MySQL extensions (<link linkend="ref.mysqli">mysqli</link>,
<link linkend="ref.mysql">mysql</link>,
<link linkend="ref.pdo-mysql">PDO_MYSQL</link>) are compiled to
use <literal>mysqlnd</literal> this can be used for:
<itemizedlist>
<listitem>
<para>
Monitoring
</para>
<para>
<itemizedlist>
<listitem>
<para>
Queries executed by any of the PHP MySQL extensions
</para>
</listitem>
<listitem>
<para>
Prepared statements executing by any of the PHP MySQL extensions
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
Auditing
</para>
<para>
<itemizedlist>
<listitem>
<para>
Detection of database usage
</para>
</listitem>
<listitem>
<para>
SQL injection protection using black and white lists
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
Assorted
</para>
<para>
<itemizedlist>
<listitem>
<para>
Load Balancing connections
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
</itemizedlist>
</para>
<para>
The MySQL native driver for PHP (<link linkend="book.mysqlnd">mysqlnd</link>)
features an internal plugin C API. C plugins, such as the mysqlnd
user handler plugin, can extend the functionality of
<link linkend="book.mysqlnd">mysqlnd</link>. PECL/mysqlnd_uh
makes parts of the internal plugin C API available to the
PHP user for plugin development with PHP.
</para>
<note>
<title>Status</title>
<para>
The mysqlnd user handler plugin is in alpha status.
Take appropriate care before using it in production environments.
</para>
</note>
<section xml:id="mysqlnd-uh.security">
<title>Security considerations</title>
<para>
PECL/mysqlnd_uh gives users access to MySQL user names, MySQL password
used by any of the PHP MySQL extensions to connect to MySQL.
It allows monitoring of all queries and prepared statements exposing
the statement string to the user. Therefore, the extension should be
installed with care. The <literal>PHP_INI_SYSTEM</literal> configuration setting
<literal><link linkend="ini.mysqlnd-uh.enable">mysqlnd_uh.enable</link></literal>
can be used to prevent users from hooking mysqlnd calls.
</para>
<para>
Code obfuscators and similar technologies are not suitable to prevent
monitoring of mysqlnd library activities if PECL/mysqlnd_uh is made
available and the user can install a proxy, for example,
using <link linkend="ini.auto-prepend-file">auto_prepend_file</link>.
</para>
</section>
<section xml:id="mysqlnd-uh.docs-note">
<title>Documentation note</title>
<para>
Many of the mysqlnd_uh functions are briefly described because
the <link linkend="ref.mysqli">mysqli</link> extension is
a thin abstraction layer on top of the MySQL C API that
the <literal>mysqlnd</literal> library provides. Therefore,
the corresponding <link linkend="ref.mysqli">mysqli</link> documentation
(along with the MySQL reference manual) can be consulted
to receive more information about a particular function.
</para>
</section>
<section xml:id="mysqlnd-uh.name">
<title>On the name</title>
<para>
The shortcut <literal>mysqlnd_uh</literal> stands for
<literal>mysqlnd user handler</literal>, and has been the name
since early development.
</para>
</section>
</preface>
&reference.mysqlnd-uh.quickstart;
&reference.mysqlnd-uh.setup;
&reference.mysqlnd-uh.constants;
&reference.mysqlnd-uh.mysqlnduhconnection;
&reference.mysqlnd-uh.mysqlnduhpreparedstatement;
&reference.mysqlnd-uh.reference;
&reference.mysqlnd-uh.changes;
</book>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->
|
