It's all wrapped into the one query. It's the 'ALTER' itself that is the
issue. Even when modifying a temporary table the sql user needs to have
use of the ALTER command (Which by default is not granted by MediaWiki).
Quite simply, because everything is part of the CREATE TEMPORARY and
there is no ALTER command, then the only permission needed is CREATE
TEMPORARY TABLES, which MediaWiki does grant by default.
~Daniel Friesen(Dantman, Nadir-Seen-Fire) of:
-The Nadir-Point Group (http://nadir-point.com)
--It's Wiki-Tools subgroup (http://wiki-tools.com)
--The ElectronicMe project (http://electronic-me.org)
--Games-G.P.S. (http://ggps.org)
-And Wikia ACG on Wikia.com (http://wikia.com/wiki/Wikia_ACG)
--Animepedia (http://anime.wikia.com)
--Narutopedia (http://naruto.wikia.com)
Yaron Koren wrote:
Sorry, can you elaborate on this? I get the sense you're talking about a SQL
call like:
CREATE TEMPORARY TABLE semantic_drilldown_values (...set of columns...)
...some "CREATE INDEX" or "ALTER TABLE" call...
INSERT INTO semantic_drilldown_values (...SQL call...)
If that's right, how would this require fewer permissions than the current
code?
-Yaron
On Sun, Aug 24, 2008 at 10:43 PM, Daniel Friesen <[EMAIL PROTECTED]>wrote:
~Daniel Friesen(Dantman, Nadir-Seen-Fire) of:
-The Nadir-Point Group (http://nadir-point.com)
--It's Wiki-Tools subgroup (http://wiki-tools.com)
--The ElectronicMe project (http://electronic-me.org)
--Games-G.P.S. (http://ggps.org)
-And Wikia ACG on Wikia.com (http://wikia.com/wiki/Wikia_ACG)
--Animepedia (http://anime.wikia.com)
--Narutopedia (http://naruto.wikia.com)It would probably be best to
create the temporary table with an explicit
set of fields, and add the id then. And then, fill the table up with the
data. That could be done in a second INSERT ... SELECT ... query, or it
may actually be possible to combine everything into the one create query.
~Daniel Friesen(Dantman, Nadir-Seen-Fire) of:
-The Nadir-Point Group (http://nadir-point.com)
--It's Wiki-Tools subgroup (http://wiki-tools.com)
--The ElectronicMe project (http://electronic-me.org)
--Games-G.P.S. (http://ggps.org)
-And Wikia ACG on Wikia.com (http://wikia.com/wiki/Wikia_ACG)
--Animepedia (http://anime.wikia.com)
--Narutopedia (http://naruto.wikia.com)
Yaron Koren wrote:
Hi,
What SQL code would you suggest in its place? Originally the call was
"CREATE INDEX", but this too sometimes led to an access-denied error:
https://bugzilla.wikimedia.org/show_bug.cgi?id=13352
-Yaron
On Sat, Aug 23, 2008 at 9:42 AM, Daniel Friesen <[EMAIL PROTECTED]
wrote:
It appears that Semantic Drilldown's BrowseDataPage::createTempTable is
using a SQL ALTER command.
This would be a case of lazy coding. It adds a extra query for something
which should be done inside of the create statement, and it also
requires that the unprivileged mysql user has the ability to alter the
structure of the tables, which would be considered an administrative
thing. The ALTER command does not have a TEMPORARY like DROP does, and
honestly does not need one since all of the definitions for a temporary
table should be specified inside of it's creation.
--
~Daniel Friesen(Dantman, Nadir-Seen-Fire) of:
-The Nadir-Point Group (http://nadir-point.com)
--It's Wiki-Tools subgroup (http://wiki-tools.com)
--The ElectronicMe project (http://electronic-me.org)
--Games-G.P.S. (http://ggps.org)
-And Wikia ACG on Wikia.com (http://wikia.com/wiki/Wikia_ACG)
--Animepedia (http://anime.wikia.com)
--Narutopedia (http://naruto.wikia.com)
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the
world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Semediawiki-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/semediawiki-devel
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Semediawiki-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/semediawiki-devel
------------------------------------------------------------------------
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
------------------------------------------------------------------------
_______________________________________________
Semediawiki-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/semediawiki-devel
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Semediawiki-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/semediawiki-devel
