[Dovecot] MySQL stored proc authorization
haos.engine at gmail.com
Fri Oct 13 23:08:25 UTC 2006
2006/10/13, Timo Sirainen <tss at iki.fi>:
> On Fri, 2006-10-13 at 23:24 +0200, Chaos Engine wrote:
> > Are you sure the difference is between the changes in Dovecot and not
> > in
> > some gentoo compile/link flags? Such as a different mysql
> > library.
> > I'm pretty sure. I haven't changed my previous compile flags (Gentoo USE
> flags). To tell the truth I haven't found any word of using stored
> procedures in mysql authorization; but it worked. I haven't touched MySQL or
> its libs, only upgraded dovecot.
> I don't know how MySQL procedures are even supposed to work..
> > I don't think I've changed anything related to that between
> > rc7 and rc8.
> I guess the difference is that I removed this code:
> #ifdef CLIENT_MULTI_STATEMENTS
> /* Updates require this because everything is committed in one
> SQL statement. */
> db->client_flags |= CLIENT_MULTI_STATEMENTS;
> I'd rather not put it back since it potentially makes it less secure.
Yes, most probably the lack of this CLIENT_MULTI_STATEMENTS flag
blocks stored procs (acording to MySQL docs).
More information about the dovecot