On Mon, Sep 26, 2011 at 3:48 AM, Daniel Nichter <dan...@percona.com> wrote:
> Drizzle developers,
>
> I created and pushed auth_schema for 
> https://bugs.launchpad.net/drizzle/+bug/738601.  It's simple but functional 
> (and tested and documented).  Any feedback?  I still need to add some code 
> comments and credits (e.g. to Eric Day since I took and modified 
> verifyMySQLHash from his auth_file plugin).  Else, I will propose to merge it 
> soon.

Hi Daniel,

> string sql= "SELECT password FROM " + _table +
>              " WHERE user='" + user + "'"
>              " LIMIT 1;";

Using a 80-char terminal? ;)
What about SQL injection?

> if (!_session) {

Should be if (not _session)
{

It'd also be nice to support auth via system accounts. An additional
table to map allowed system accounts to drizzle users would be needed
for this.

Greetings,

Olaf

_______________________________________________
Mailing list: https://launchpad.net/~drizzle-discuss
Post to     : drizzle-discuss@lists.launchpad.net
Unsubscribe : https://launchpad.net/~drizzle-discuss
More help   : https://help.launchpad.net/ListHelp
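
The SQL injection question above, worked through as an added example (not part of the original message and not the plugin's code): the query built by concatenation as in the quoted lines, next to a variant that escapes the user name first. The function names, the `auth.users` table name and the sample user are constructed for illustration, and MySQL-style literal escaping is an assumption about the server.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>

// Built the way the quoted lines build it: user is pasted into the literal as-is.
std::string build_query_concat(const std::string &table, const std::string &user)
{
  return "SELECT password FROM " + table +
         " WHERE user='" + user + "'"
         " LIMIT 1;";
}

// Escape a value for use inside a single-quoted SQL string literal.
// Assumption: the server treats backslash as an escape character and reads ''
// as one literal quote (MySQL-style rules).
std::string escape_literal(const std::string &value)
{
  std::string out;
  out.reserve(value.size() + 8);
  for (char c : value)
  {
    if (c == '\0')
      throw std::invalid_argument("NUL byte in user name");
    if (c == '\'')
      out += "''";       // a quote can no longer close the literal
    else if (c == '\\')
      out += "\\\\";     // a backslash can no longer escape the closing quote
    else
      out += c;
  }
  return out;
}

// Same query, but the user name stays data inside the literal.
std::string build_query_escaped(const std::string &table, const std::string &user)
{
  return "SELECT password FROM " + table +
         " WHERE user='" + escape_literal(user) + "'"
         " LIMIT 1;";
}

int main()
{
  const std::string user = "o'brien"; // constructed sample input
  std::cout << build_query_concat("auth.users", user) << "\n";
  std::cout << build_query_escaped("auth.users", user) << "\n";
  return 0;
}
```

Even an ordinary name containing a quote changes the structure of the concatenated query, which is why the user name has to be escaped or bound as a parameter before it reaches the statement.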
