On 6/21/2013 8:50 AM, Steven Siebert wrote:
> Great, thanks to all.
> I don't mean to defend our auditors, because they are a PITA, but they do
> appear to be decently knowledgeable in general - but they aren't, nor can
> they be expected to, be specific application-level experts - otherwise, the
> number of auditors we would be required to hire would be cost
> prohibitive...there is a necessary balance =) Just because MySQL
> implements this way (and, obviously is conscious of these security
> concerns), doesn't mean the latest NoSQL solution deployed to github,
> written in python during a cocaine fuelled weekend, does...they aren't here
> to say "no" to whatever software I desire to use, they just need to
> verify. So, really, the wand of ignorance should be pointed in my
> direction =)
> This leads me to my final question: is this documented anywhere beyond the
> source code and this thread? I was specifically searching for session id
> generation, but clearly this search was too narrow. I'll look more
> generally for how MySQL establishes connections and maintains sessions -
> but if you happen to know where it might be documented off the top of your
> head, I would appreciate it.
> Thanks again for everyone's insightful and quite helpful responses.
> ... snipped ...
I believe that between the source code and the MySQL Internals manual,
you will get more answers than you might have been looking for.
Of course, if you need any clarification you can always bring those
questions back to the list.
MySQL Principal Technical Support Engineer
Oracle USA, Inc. - Hardware and Software, Engineered to Work Together.
Office: Blountville, TN