Nick Kew wrote: > Is that the same issue as > http://issues.apache.org/bugzilla/show_bug.cgi?id=41925
No. The bug describes encryption but I was talking about validation. Furthermore the bug shows off a completely other part of the API. > My working assumption with DBD is that creating stored procedures > is part of database design and initialisation, and not something > I'd want the apache user to have privilege to mess with! Are you > talking about something like per-connection stored procedures? Writing stored procedures is usually part of the DBA, but if the database server is not on the same machine as the web server, stored procedures are most of the time faster than SQL statements invoked from the client. Even when using SQL statements the Apache admin has to know the tablenames and the structure of the tables. And he has to have the privilege to access them. In that case he either can write the SP by himself or ask the DBA to do that for him. Another point is that the SQL statement could get pretty large when several tables are involved for retrieving the passwords or groups. Not everybody is able to create their own tables for authentication. Many people want to use their already existing tables and then it's much easier to have just a SP which does the job. Having stored procedure support does not force the Apache admin to use it. It just gives him the possibility to do so. Regards, Helmut