List:General Discussion« Previous MessageNext Message »
From:shawn green Date:June 22 2013 5:48pm
Subject:Re: Session ID Generation
View as plain text  
Hello Steven,

On 6/21/2013 8:50 AM, Steven Siebert wrote:
> Great, thanks to all.
>
> I don't mean to defend our auditors, because they are a PITA, but they do
> appear to be decently knowledgeable in general - but they aren't, not can
> they be expected to, be specific application-level experts - otherwise, the
> number of auditors we would be required to hire would be cost
> prohibitive...there is a necessary balance =)  Just because MySQL
> implements this way (and, obviously is concious of these security
> concerns), doesn't mean the latest NoSQL solution deployed to github,
> written in python during a cocaine fuelled weekend, does...they aren't here
> to say "no" to whatever software I desire to use, they just need to
> verify.  So, really, the wand of ignorance should be pointed in my
> direction =)
>
> This leads me to my final question: is this documented anywhere beyond the
> source code and this thread?  I was specifically searching for session id
> generation, but clearly this search was too narrow. I'll look more
> generally for how MySQL establishes connections and maintains sessions -
> but if you happen to know where it might be document off the top of your
> head, I would appreciate it.
>
> Thanks again for everyone's insightful and quite helpful responses.
> ... snipped  ...

I believe that between the source code and the MySQL Internals manual, 
you will get more answers than you might have been looking for.

Of course, if you need any clarification you can always bring those 
questions back to the list.

http://dev.mysql.com/doc/internals/en/client-server-protocol.html

-- 
Shawn Green
MySQL Principal Technical Support Engineer
Oracle USA, Inc. - Hardware and Software, Engineered to Work Together.
Office: Blountville, TN
Thread
Session ID GenerationSteven Siebert20 Jun
  • Re: Session ID GenerationJohan De Meersman21 Jun
    • Re: Session ID GenerationSteven Siebert21 Jun
      • Re: Session ID GenerationJohan De Meersman21 Jun
      • Re: Session ID GenerationHartmut Holzgraefe21 Jun
        • Re: Session ID GenerationSteven Siebert21 Jun
          • Re: Session ID GenerationHartmut Holzgraefe21 Jun
          • Re: Session ID GenerationDenis Jedig21 Jun
            • Re: Session ID GenerationSteven Siebert21 Jun
              • Re: Session ID Generationshawn green22 Jun
      • Re: Session ID GenerationDenis Jedig21 Jun