Last_login plugin and mysql

Thomas Hooge thomas at hoogi.de
Mon Sep 24 10:34:24 EEST 2018


Hello,

> last_login plugin uses dict interface, which does not support "update",
> it only supports get, set, unset and atomic inc. Set is implemented 
> with
> 'INSERT INTO foo ... ON DUPLICATE UPDATE'. There is no configuration
> setting to change this, as dict cannot know without performing a SELECT
> that a value already exists.

Ok, now i understand the dict behaviour.
Some clarification in the last-login wiki page would be nice:
   * needed Database rights
   * Example of last_login in separate table

In my special case i wanted to use the last_login field inside
the mailbox table of postfixadmin.
 From the security point of view i don't want dovecot to be able
to insert records in that table. So the only additional right
should be update on the last_login field.

In the case of the last_login plugin there ist a very high probability
the dict key exists because of the previous successfull login which
uses the same table.
If the key does not exist there is a serious problem :-)

Perhaps there shoud be a feature of different types of dicts:
   * normal dict (as implemented)
   * immutable dict (read only)
   * dict with immutable keys (only value writeable)

Kind regards,
Thomas


More information about the dovecot mailing list