[Dovecot] MySQL stored proc authorization

Timo Sirainen tss at iki.fi
Fri Oct 13 23:19:50 UTC 2006


On Sat, 2006-10-14 at 00:08 +0200, Chaos Engine wrote:

>                db->client_flags |= CLIENT_MULTI_STATEMENTS;

> 
>         
> 
> Yes, most probably the lack of this CLIENT_MULTI_STATEMENTS flag
> blocks stored procs (acording to MySQL docs).
> From my point of view using stored proc is more secure than putting
> select user, password from user_sensitive_data_table into
> dovecot-sql.conf, but I'll live with that.
> You most probably had your reasons, and ultimately I agree -
> security first ;-)

Now that I think of it, you can actually enable this again. Add to
connect string in dovecot-sql.conf:

client_flags = 64

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20061014/8fcca8a1/attachment.pgp 


More information about the dovecot mailing list