 Perfect. Thank you. So, hello. Good morning. Good afternoon. Good evening. My name is Vareen Baudaria. Today I'm going to talk about how you can use MySQL's component, Service Infrastructure, to extend MySQL and plug in the customized feature which meets your needs. And I will also showcase a toy component which I developed to show how easy it is and how useful functionality you can provide using this infrastructure. So, you know, without what I do, let me just dive in. So, this standard safe hour statement, this trip is as information only. Great. So, the main topic is how component infrastructure is better than MySQL's plug-in architecture. So, MySQL has been allowing users, developers, customers to extend functionality provided by MySQL through plug-in interfaces. Plugins are predefined types which has hooks at various places within the server. There are predefined set of APIs registered with each plug-in. And using these APIs, one can extend MySQL's functionality and provide something that's not there by default or something which is specific to a user's own requirement. So, to summarize what plug-in infrastructure provides us, you have a MySQL server binary which provides different plug-in APIs. And plug-ins will allow you to extend the functionality. If one plug-in wants to talk to another plug-in, there is something called plug-in services. It's kind of an infrastructure which is provided by MySQL server binary, which allows plug-in to talk to each other and leverage on each other's functionality. However, there are two main rubrics of MySQL's plug-in infrastructure. Well, it's been there since long, probably 5.5 or 5.1, if I'm not wrong. There are only fixed plug-in types. It is very difficult to extend plug-in types because a lot of plumbing work is required within the server binary itself to provide new types of plug-in. And if a user or if a developer wants to do something which was not there before, the code changes can be quite substantial. So, it's very difficult to extend. That was part one. The part two is that plug-in cannot directly talk to each other. There is an interface called plug-in services, which basically is required. And it's sort of act as a middleman. It has to be there. This plug-in services are part of MySQL server binary, and they are very expensive in terms of your portfolio operation. So, again, depending on which plug-in should talk to which other plug-in, this plug-in services needs to be extended as well. So, introducing a new plug-in type becomes a really, really challenging operation. Now, the MySQL fragrance project is heavily used even internally by MySQL developers to provide functionality in a way that the design is very modular. User has control over which all modules user can enable or disable. So, whichever limitation applies to a developer outside of MySQL applies to a developer within MySQL, probably many fold because, well, we have a rich set of MySQL plug-ins available, and we want to add more and more modular functionality with a predefined set of APIs. So, to basically remove these limitations to have a better architecture, we have introduced MySQL component infrastructure. In very basic terms, you can treat MySQL component infrastructure as a kind of a consumer, producer-consumer model, which is a service-oriented architecture to be specific. So, we have a registry which basically serves as the hub for both producer and consumer. A consumer can come into a registry and ask whether a particular type of service is available or not. You can define various services, and defining a service is as simple as defining a header file, nothing more. Once a service is defined, there can be multiple implementation of a service. For example, if you can see in this diagram, service A has been implemented by component foo, component bar, and component oven. It should say component balance. So, three different components can implement same service, which means that if you have a functionality for, let's say, password validation, different customer or different developer can write their own way of doing password validation and provide the functionality on their own. Now, all these components are loaded to something called dynamic loader. It basically allows a shared library to load its code and attach itself with MySQL server, and it registers all this implementation with the registry. So, the components are producers of services, whereas if a consumer wants it, for example, on the left-hand side of the screen, you can see that there is a consumer service which wants to use the service B. It can request service registry to provide a handle to an implementation which provides service B, in which case this is component bar. A consumer can also request an implementation, not just a service. A component consumer can say that I want an implementation A provided by a particular component, let's say component foo, and registry will return the handle to that. It can be used by the consumer. So, this is an overview of the MySQL component infrastructure. Now, as I say, this is a service-oriented architecture. The registry for service discovery is a very lightweight process. It tries to minimize locks taken in order to search a service or to add a new service because this can create a serious problems in terms of scalability and performance. There are no predefined or hard-coded types. So, because of that, it is very easy to extend and add new services. So, and the key point is registry is type agnostic. It doesn't care which type of services are stored. Each service is recognized by the name. That's all. So, anyone can add new service and ask registry to provide a reference to an implementation which implements that service. So, it becomes really easy. And this allows MySQL engineering team to create highly modular code, provide small modules, small shared libraries, which can be optionally enabled at the time with MySQL server and provide little extra functionality needed by the user. And this is, again, since it's open source and it's available to everyone, everyone can use it and create their own component and provide, or well, they can create their own services for that matter and provide the functionality. Now, a little bit of terminology here. So, MySQL server uses something called a persistent dynamic loader. This is important because it allows MySQL server to load services across restart. So, you just have to do an install component once, once it is done. The path to that particular implementation is stored within MySQL server. And then every time restart, your component will be available for use. So, that's called persistent dynamic loader, which interfaces with dynamic loader, which again, in turn, helps you load a service, load a component. Now, all this component, which are loaded by persistent dynamic loader, are registered with registry. So, whose server wants to consume this service can look up this services in registry and search for it and ask for the handle to those things. So, some example of the services are user defined functions, performance schema system variables. All this are implemented as services in MySQL now. So, this is how MySQL server binary looks now. So, there is something called server component, which in itself is a component within MySQL server binary. This component houses something called minimal chassis. Minimal chassis is nothing but the bare minimum blocks required to support MySQL component infrastructure. It comprises of service registry and dynamic loader, just the two things. And using this, server component provides certain services by default. For example, error logging, TST management, query execution service, persistent dynamic loaders. All these services are part of the server component and they are loaded with the help of minimal chassis. Not only this, if any plugin or if any component is loaded alongside MySQL server, they can use this infrastructure, the infrastructure of minimal chassis, to ask for a different component or different service and use them in itself. So, we have made every attempt to make it easier and easier to use this in front. So, even the plugins can request and use new component services. So, it makes transition from plugin to component easier. You can, without really changing the code much, you can utilize new services in your plugin and then at your own pace, you can convert your plugin into a component. So, let me just now talk about the, how much service inventory we have. It's very mature now. We have 90 plus services within MySQL, ranging from service registry to error logging, services to get or set system variables, security context creation or modification, password validation, key rings, table access and whatnot. And we are constantly adding to the service repositories. We are constantly adding new components, new services types as we see fit when we are developing new modules within MySQL. And these are available for everyone to use and extend MySQL as they see fit. Some of the key features that we have introduced recently are key ring backends. MySQL used to provide key ring as a plugin. It still does, but we are now moving to a component-based architecture because it provides much more flexibility. It allows this key ring backend to be used not only in MySQL server binary, but other binaries as well, because all they need to do is just support component infrastructure, which is really, really lightweight and they can use all these libraries. So, key ring backends allow access to key ring data and it seamlessly replaces our existing key ring plugin architecture. We also have a service which allows you to set system variable values within the server, so a component, if being fit, can set certain variables and the behavior of server will change depending on the new value. We have something called a query attribute which provides access to the query we do for running query. And well, it needs to be called from within the server session when you're running the query. It can read, let's say, a value from an UDF or an audit log event handler. It's pretty useful. The table access, a component can read or write data directly to and from a table. Perform index can handle the table structure and bottom line. So, it provides a good way for component to process or change their own data if they require it. Now, right, so to demonstrate the power of this component structure, I created Troy password validation component service which checks whether the password appears in any data pages. So, just a fair warning, this is for demonstration. It's not production ready, so if you are looking at the code later on, you know, make sure that you are aware of consequences and you use it at your own risk. So, some basic idea on how it works is, so MySQL server binary provides a password validation API. This API is a code when a user is created. So, at that time, the password is supplied and we can check whether the password satisfies certain criteria. When a user's password is changed using either a user or set password, at that time, this API will be called to check whether the new password also satisfied the criteria. And there are set of functions provided which can let you know the strength of a password. So, the password breach component that I'm demonstrating supports the password validation API. So, it can be used when you are creating user or changing password of a user. In addition, it provides something called a password breach check function. It is over and above the password validation API. It registers this function with the server and if you provide your password, it goes checks. So, how I've been point is a really good resource to know whether a password has been breached, appeared in any breach or not. So, this password breach component uses how I've been point APIs and if you supply the password, it will go check the password on how I've been point and can tell you how many times it has appeared in a data breach. That's assured, it doesn't really send your actual password. It hashes the password and sends only partial hash information to the server. And there is a whole bunch of articles explaining and proving that this is secure. It will not basically allow anyone to infer what password you are using. So, it should be okay. All right. So, let me let me just switch representation here. Okay. So, so there's a small demo, right? So, there's a MySQL client which has connected to the server, which doesn't, it's a vanilla server. We will try to create a user now, right now. This user is using a very basic password, very insecure password. But since there are no password validation checks installed on the server, this operation will be allowed because, well, hey, we didn't find anything more finding with this password. So, now when the user U1 is created, now let's go ahead and install the component password breach check. It's as simple as executing a single statement. There you go. And once it is installed, all the password validation checks are in place. They are in force. So, now afterwards, when you try to create a user, for example, we will now try to create a user U2 with similar password ABCD. So, now what it will do behind the scene is, it will get, it will take the ABCD, create sharpen hash of the password, pick out the first five characters from this hash, and send it to haveivinpon to check whether this password has appeared in any data, which is or not. So, let's see. So, there you go. So, it says that your password does not satisfy current policy requirement. And at the same time, if you take a look at the server's parallel, it will say that the password breach check component try to verify the strength of the password, and it has appeared 70,435 times in various passwords breaches. Naturally, this is not a good password. I mean, come on. If you are using ABCD, you might as well just use a blank password. So, this information is printed so that admin is aware of what type of passwords are being used and how many times they are appearing on databases, for instance. Now, this is just one part, right? This is just a create user. And you can actually use one of the functions which is provided by this component, which is called password breach check. Now, it is very annoying when you are trying to create a user, when you are trying to change the password, each time you receive this, okay, your password doesn't comply with policy, password validation policy, blah, blah, blah. But it doesn't give you more details. So, for that, enter password breach check function. So, when you execute this function, it will return the value which indicates the number of times this password has appeared in the breach. So, it's a clear indication to a user whether they can use this password or not. So, for example, if we change it to 1234, that has appeared even more, I mean, close to 1.4, 1.5 million times on the password breaches. Let's check for some more. Let's say, instead of ABCD1234, we try to be a little bit more creative. We try to use QWERTY. It is essentially the first character line on the keyboard and see how many times it has appeared and surprise, surprise, it has appeared almost 1.9 million times. So, it's not as secure as you might think about. Well, let's try a few more variations, okay? Let's try to make it a little bit more challenging. We now try to check a password which will have uppercase, lowercase, numbers, symbols, everything, right? These are typical password criteria. Well, guess what? The QWERTY1234 exclamation has appeared 165 times. So, people are, I mean, even if there are password constraints, people are usually using bad passwords. And, of course, all this detail will appear in MySQL server load so that one can check how many times a password has appeared. And again, this doesn't really record the actual password, just the first five digits of the hash or first five characters of the hash. So, it's not revealing the actual password at all. Not only that, if an existing user whose password was weak to begin with, for example, the U1 mediated with KBCD, if you try to use another password which is even weaker, it will not let you change the password because it's not satisfying the criteria of password validation. Now, all this information and more is available on GitHub about this plugin. I have given, I mean, in my presentation, there is a reference to this code. You can take a look at it, play around with it as you see fit. And it also has instruction on how you can compile, how you can install this component. It works with MySQL 8.0. I'll keep updating it as we go forward if there are any compatibility issues as well. So, feel free to take a look, see, you know, how it goes. So, that's all from me, folks. Thank you for your time. Let me see if there are any questions I can answer.