[Dovecot] MySQL stored proc authorization

Chaos Engine haos.engine at gmail.com
Fri Oct 13 23:08:25 UTC 2006


2006/10/13, Timo Sirainen <tss at iki.fi>:
>
> On Fri, 2006-10-13 at 23:24 +0200, Chaos Engine wrote:
> > Are you sure the difference is between the changes in Dovecot and not
> > in
> >         some gentoo compile/link flags? Such as a different mysql
> >         library.
> >
> > I'm pretty sure. I haven't changed my previous compile flags (Gentoo USE
> flags). To tell the truth I haven't found any word of using stored
> procedures in mysql authorization; but it worked. I haven't touched MySQL or
> its libs, only upgraded dovecot.
>
> I don't know how MySQL procedures are even supposed to work..
>
> >         I don't think I've changed anything related to that between
> >         rc7 and rc8.
>
> I guess the difference is that I removed this code:
>
> #ifdef CLIENT_MULTI_STATEMENTS
>        /* Updates require this because everything is committed in one
> large
>           SQL statement. */
>        db->client_flags |= CLIENT_MULTI_STATEMENTS;
> #endif
>
> I'd rather not put it back since it potentially makes it less secure.
>

Yes, most probably the lack of this CLIENT_MULTI_STATEMENTS flag
blocks stored procs (acording to MySQL docs).


More information about the dovecot mailing list