No subject


Sat Oct 7 20:41:49 UTC 2006


user, password from user_sensitive_data_table into dovecot-sql.conf, but
I'll live with that. You most probably had your reasons, and ultimately I
agree - security first ;-)

-- 
Chaos greets U

------=_Part_57551_1009602.1160777305352
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<br><br><div><span class="gmail_quote">2006/10/13, Timo Sirainen &lt;<a href="mailto:tss at iki.fi">tss at iki.fi</a>&gt;:</span><blockquote class="gmail_quote" style="margin-top: 0; margin-right: 0; margin-bottom: 0; margin-left: 0; margin-left: 0.80ex; border-left-color: #cccccc; border-left-width: 1px; border-left-style: solid; padding-left: 1ex">
On Fri, 2006-10-13 at 23:24 +0200, Chaos Engine wrote:<br>&gt; Are you sure the difference is between the changes in Dovecot and not<br>&gt; in<br>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; some gentoo compile/link flags? Such as a different mysql<br>
&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; library.<br>&gt;<br>&gt; I'm pretty sure. I haven't changed my previous compile flags (Gentoo USE flags). To tell the truth I haven't found any word of using stored procedures in mysql authorization; but it worked. I haven't touched MySQL or its libs, only upgraded dovecot.
<br><br>I don't know how MySQL procedures are even supposed to work..<br><br>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; I don't think I've changed anything related to that between<br>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rc7 and rc8.<br><br>I guess the difference is that I removed this code:
<br><br>#ifdef CLIENT_MULTI_STATEMENTS<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Updates require this because everything is committed in one large<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SQL statement. */<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; db-&gt;client_flags |= CLIENT_MULTI_STATEMENTS;<br>#endif<br><br>
I'd rather not put it back since it potentially makes it less secure.<br></blockquote></div><br>Yes, most probably the lack of this CLIENT_MULTI_STATEMENTS flag blocks&nbsp;stored&nbsp;procs&nbsp;(acording&nbsp;to&nbsp;MySQL&nbsp;docs).<br>From my point of view using stored proc is more secure than putting select user, password from user_sensitive_data_table into 
dovecot-sql.conf, but I'll live with that. You&nbsp;most&nbsp;probably&nbsp;had&nbsp;your&nbsp;reasons,&nbsp;and ultimately I agree - security&nbsp;first&nbsp;;-)<br><br>-- <br>Chaos greets U 

------=_Part_57551_1009602.1160777305352--


More information about the dovecot mailing list