<br><br><div><span class="gmail_quote">2006/10/13, Timo Sirainen <<a href="mailto:tss@iki.fi">tss@iki.fi</a>>:</span><blockquote class="gmail_quote" style="margin-top: 0; margin-right: 0; margin-bottom: 0; margin-left: 0; margin-left: 0.80ex; border-left-color: #cccccc; border-left-width: 1px; border-left-style: solid; padding-left: 1ex">
On Fri, 2006-10-13 at 23:24 +0200, Chaos Engine wrote:<br>> Are you sure the difference is between the changes in Dovecot and not<br>> in<br>> some gentoo compile/link flags? Such as a different mysql<br>
> library.<br>><br>> I'm pretty sure. I haven't changed my previous compile flags (Gentoo USE flags). To tell the truth I haven't found any word of using stored procedures in mysql authorization; but it worked. I haven't touched MySQL or its libs, only upgraded dovecot.
<br><br>I don't know how MySQL procedures are even supposed to work..<br><br>> I don't think I've changed anything related to that between<br>> rc7 and rc8.<br><br>I guess the difference is that I removed this code:
<br><br>#ifdef CLIENT_MULTI_STATEMENTS<br> /* Updates require this because everything is committed in one large<br> SQL statement. */<br> db->client_flags |= CLIENT_MULTI_STATEMENTS;<br>#endif<br><br>
I'd rather not put it back since it potentially makes it less secure.<br></blockquote></div><br>Yes, most probably the lack of this CLIENT_MULTI_STATEMENTS flag blocks stored procs (acording to MySQL docs).<br>From my point of view using stored proc is more secure than putting select user, password from user_sensitive_data_table into
dovecot-sql.conf, but I'll live with that. You most probably had your reasons, and ultimately I agree - security first ;-)<br><br>-- <br>Chaos greets U