Thanks Here is the patch to the ext/mysql/php_mysql.c file
It looks a bit messy and there might be some stuff you don't get right away. Basically here"s what it does. Mysql_connect gets a user, host and password (set to empty). We don't really care about those values. Actually, i get the path translated value from sapi_globals and i extract from it tow datas : the country (cause we're hosting 9 differents countries) and the login of the guy. We then add these two to create a unique login for Mysql (login_cc (cc=countrycode : fr, uk, it, nl and so on)). and then the rest of the process is the same. And one other thing, the function names are modified so that we can wrap them for some internal reasons. If you guys have any idea how to help me, i'd really appreciate it. Thanks a lot Later and take care At 12:31 03/04/2002 +0200, Markus Fischer wrote: > I would suggest simple post an url with the path against > whatever version and people feeling attracted will contact > you (even I might take a peek ;-) > > - Markus > >On Wed, Apr 03, 2002 at 11:50:36AM +0200, Chand wrote : > > hi everyone, > > > > I'm working on a hosting platform with a large number of users, and we > need > > to ensure safety for our users considering the mysql Connection. Using a > > password is not good enough cause if someone succeeds in getting the > source > > code of someone, he will get the password and then will be able to do > > anything from his account. Thus, i've been working on a patch that would > > allow me to enforce a mysql user login based on the script filename path. > > (in example /home/chand/mysql.php enforces the login as 'chand'). > > > > I'd already done this patch on 4.0.4pl1 2 years ago and it worked. For our > > new Hosting Platform, we've decided to go up to 4.1.0, and i can't seem to > > make it work correctly. I randomly (looks like it's random), get Internal > > Server Errors from the Mysql connection functions. My patch is most > > certainly the cause of that. Using gdb, what seems to be the problem is a > > lack of memory being available or allowed by the system thus a crash. I > > really don't understand how this could be possible considering my patch > > looks good to me. > > > > I was wondering if anyone had any idea about such a problem. Basically > what > > i do is get the PATH_TRANSLATED variable from the sapi_globals and use > > strsep to get the login name to enforce it as the Mysql User. Before i > used > > strtok which actually was a bad idea since it's a completely broken > > function, now obsolete. strsep helped me get the ratio of ISE (Internal > > Server Errors) down to 1% of the pages correctly served. It's still not > > good for me. We need a fully working php. > > > > I can put up the patch here to see if you guys can see what i'm doing > > wrong. I've been working on this for a long time now looking at a lot of > > different things from application to system. Nothing i've tried seems > to be > > working and my C code looks all right to me, but there might be some > > inconsistency with some inner way of dealing memory in php. > > > > I'd really appreciate any help on this, on this list or on a private > basis. > > Thanks a lot for any insight. > > > > Later > > Chand > > > > -- > > > > Mark Villemade > > Hosting Services Technical Manager > > Lycos Europe > > +33 1 53 27 24 05 > > > > > > -- > > PHP Development Mailing List <http://www.php.net/> > > To unsubscribe, visit: http://www.php.net/unsub.php > >-- >Please always Cc to me when replying to me on the lists. >GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc >"Mind if I MFH ?" "What QA did you do on it?" "the usual?" "ah... none :)" > >-- >PHP Development Mailing List <http://www.php.net/> >To unsubscribe, visit: http://www.php.net/unsub.php
patch.Multi-User.Mysql.4.1.0.chand
Description: Binary data
-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
