Simon Kenyon wrote:
On Wednesday 27 April 2005 05:21, David Shay wrote:
As discussed on IRC last night, here is a patch to provide a generic SQL
service through the myth protocol. This will be helpful to external
programs such as mvpmc and now mythroku which cannot easily access mysql
directly, and also allows for generic database access (non-mysql). These
programs can use this for things like accessing the commercial cutlist,
etc.
I didn't bump the protocol version, since it is an extension, but I could
submit a patch with that included if you want.
The new protocol command is QUERY_SQL, and it accepts any valid SQL command
after that. For instance:
QUERY_SQL SELECT sourceid,lineupid from videosource;
what security is associated with this?
is it a mechanism for injecting malicious SQL into the db?
This was my first thought as well. Why not add the individual commands
as needed to support the functions of the remote frontends rather than
opening up a big hole with unresticted SQL via the protocol.
Kevin
_______________________________________________
mythtv-dev mailing list
[email protected]
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-dev
