List:Internals« Previous MessageNext Message »
From:Guus Leeuw jr Date:May 19 2008 5:37pm
Subject:RE: sql/password.c
View as plain text  
Hi there,

> -----Original Message-----
> From: Sergei Golubchik [mailto:serg@stripped]
> Sent: 19 May 2008 18:15
> 
> Hi!
> 
> On May 18, Guus Leeuw jr wrote:
> > Hello,
> >
> > Sorry for the somewhat wide distribution, first of all.
> > (This message was originally cross-posted to
> contributions@stripped;
> > so please reply to them as well.)
> >
> > Background:
> >
> > I am implementing multiple websites using MySQL as a backend
> database. So
> > far, nothing new. However some of these websites will host
> applications that
> > are password protected and user-role authorized. Thus it would seem
> ideal if
> > we could somehow manage for the website password to be the same as
> the
> > database password, so that we can target specific tables / databases
> for
> > specific users. One of the databases is to hold financial data, which
> I
> > would not want a "role-based" user id (aka "web"/"web") to be able to
> see.
> >
> > I *assume* that a possibility like this would greatly benefit several
> > organizations using MySQL for similar purposes, if these
> organizations
> > already have centralized password databases. Nowadays with Microsoft
> finally
> > supporting Kerberos by default as the means to store Active Directory
> > passwords, it would seem to me that a large number of organizations
> actually
> > fit that bill.
> 
> The first thought is - check Summer of Code projects: there're two
> related:
> 
> http://code.google.com/soc/2008/mysql/appinfo.html?csaid=9CDE431A6856AD
> 74
> 
> this is your roles.
> 
> http://code.google.com/soc/2008/mysql/appinfo.html?csaid=1F94B07630EA06
> DA

OK, is Milos on the list? Are there already thoughts on the design, etc.
I don't really want to wait until after the Summer (sic) for this to be
available.
Also, I kinda need it for 5.0, not 6.0 or something higher up the tree.

The easiest thing to do would then simply be to support SASL in MySQL, and
leave everything up to SASL.
(CRAM, DIGEST, GSSAPI, Auxprop, PAM)

[snipped as the discussion takes a turn towards pluggable authentication]

Cheers,
Guus
Thread
sql/password.cGuus Leeuw jr18 May
  • Re: sql/password.cSergei Golubchik19 May
    • RE: sql/password.cGuus Leeuw jr19 May