Version Tokens is based on a plugin library that implements these components:
A server-side plugin named
version_tokensholds the list of version tokens associated with the server and subscribes to notifications for statement execution events. The
version_tokensplugin uses the audit plugin API to monitor incoming statements from clients and matches each client's session-specific version token list against the server version token list. If there is a match, the plugin lets the statement through and the server continues to process it. Otherwise, the plugin returns an error to the client and the statement fails.
A set of user-defined functions (UDFs) provides an SQL-level API for manipulating and inspecting the list of server version tokens maintained by the plugin. The
VERSION_TOKEN_ADMINprivilege (or the deprecated
SUPERprivilege) is required to call any of the Version Token UDFs.
version_tokensplugin loads, it defines the
VERSION_TOKEN_ADMINdynamic privilege. This privilege can be granted to users of the UDFs.
A system variable enables clients to specify the list of version tokens that register the required server state. If the server has a different state when a client sends a statement, the client receives an error.