On Fri, Oct 21, 2011 at 2:24 PM, Henrik Ingo <[email protected]> wrote: >> Nope, no client-side support necessary. > > Why? Are you assuming here that one connects via unix socket and not > -h127.0.0.1?
Yes. Why would you use TCP on localhost? >> Something is still missing. The authentication question appears to be >> answered. What about the authorization question? > > That is a different question :-) As it is now once you are logged in, > anyone is essentially root. In that case strong auth isn't really significant (yet) (IMO). You either have full access or you have no access. > Having played with this a while, it seems authorization in Drizzle > must be completely separate from authentication. Any authorization > plugin should only care about my username, and then give or refuse > access based on that. True. In that case, you'd need a mapping from system account to database account too. MariaDB doesn't have that, unfortunately. > Beyond that, I can see us creating a plugin that > looks like what MySQL does, and then some more that I can't even think > of. The regex authorization plugin is pretty clever idea already. -- Olaf _______________________________________________ Mailing list: https://launchpad.net/~drizzle-discuss Post to : [email protected] Unsubscribe : https://launchpad.net/~drizzle-discuss More help : https://help.launchpad.net/ListHelp
