List: General Discussion
From: Carl Troein
Date: October 16 2001 4:25pm
Subject:Re: Has this problem been addressed?
Chad Burnette writes:

> 	I would really like to get mySQL to work with our product (and
> recommend it to customers of ours), but due to the error below I cannot
> safely do that.  I am wondering if this problem has been addressed in a
> recent version.  Please send feedback to my email.  Thanks...
> SECURITY WARNING: DO NOT USE MYSQL IN A PRODUCTION (LIVE) SYSTEM. 

I take it you mean that warning to be for your software in
combination with MySQL.

> MySQL introduces into Portal Server a security issue that causes it to not
> be a suitable database for running in an environment where there are
> potentially untrusted users. MySQL should be used only for development or
> evaluation purposes. The security flaw is that all permissions on a deleted
> user group may be inherited by the next user group that is created. 
> Technical Reason For MySQL Security Flaw: MySQL implements its autoincrement
> differently compared to other databases with which Portal Server runs. 

Most RDBMS seem to do little things differently. Software
should be aware of differences, at least if the differences are
in non-standard extensions to SQL.

> MySQL
> increments from the highest row currently in the table, not the highest
> value ever. User groups receive their ID from this autoincrement feature.
> Under MySQL, if you delete a user group and then add another user group,
> that second user group will have the same ID as the deleted one.

This is simply not true, unless you're using the obsolete ISAM table
type. The only time the AUTO_INCREMENT is reset is when you empty
the table completely with a "DELETE FROM TABLE" without a WHERE.
At least this is what the manual says.

//C

-- 
 Carl Troein - C carl@stripped | http://pixelmagic.dyndns.org/~cirdan/
 Amiga user since '89, and damned proud of it too.
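
The failure mode in the quoted warning, reproduced as an added example that is not part of the original message or of either product: when only the group row is deleted and the database hands the same ID out again, the new group picks up the leftover permission rows. SQLite (through Python's `sqlite3`) stands in for the database here because a plain `INTEGER PRIMARY KEY` assigns one more than the highest ID currently in the table, while `AUTOINCREMENT` never reuses an ID; the table, column and group names are hypothetical.

```python
import sqlite3

def open_db(reuse_ids):
    # Constructed schema; table and column names are hypothetical.
    # SQLite stands in for the database: a plain INTEGER PRIMARY KEY hands out
    # max(id)+1 of the rows currently present, while AUTOINCREMENT never
    # reuses an id that was handed out before.
    pk = "INTEGER PRIMARY KEY" + ("" if reuse_ids else " AUTOINCREMENT")
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE user_group (id {pk}, name TEXT NOT NULL)")
    db.execute("CREATE TABLE group_perm (group_id INTEGER NOT NULL, perm TEXT NOT NULL)")
    return db

def create_group(db, name, perms=()):
    gid = db.execute("INSERT INTO user_group (name) VALUES (?)", (name,)).lastrowid
    db.executemany("INSERT INTO group_perm VALUES (?, ?)", [(gid, p) for p in perms])
    return gid

def delete_group(db, gid, purge_perms):
    # purge_perms=False models an application that removes only the group row
    # and relies on the id never coming back.
    with db:  # one transaction: the group row and its grants go together
        if purge_perms:
            db.execute("DELETE FROM group_perm WHERE group_id = ?", (gid,))
        db.execute("DELETE FROM user_group WHERE id = ?", (gid,))

def perms_of(db, gid):
    rows = db.execute(
        "SELECT perm FROM group_perm WHERE group_id = ? ORDER BY perm", (gid,))
    return [r[0] for r in rows]

def scenario(reuse_ids, purge_perms):
    db = open_db(reuse_ids)
    create_group(db, "staff", ["read"])
    admins = create_group(db, "admins", ["read", "grant", "delete"])
    delete_group(db, admins, purge_perms)
    guests = create_group(db, "guests")  # created with no permissions at all
    return admins, guests, perms_of(db, guests)

if __name__ == "__main__":
    for reuse in (True, False):
        for purge in (False, True):
            print(f"reuse_ids={reuse} purge_perms={purge} ->", scenario(reuse, purge))
```

Removing the dependent permission rows in the same transaction as the group makes the outcome independent of how the engine assigns IDs.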
