From "Paul Querna" <>
Subject Re: round 2 of mod_authn_mysql
Date Tue, 18 Feb 2003 04:24:58 GMT
On Mon, 17 Feb 2003 23:02:39 +0100 (CET), Dirk-Willem van Gulik wrote
> And or change the apr_pstrcat into things like select "%s" from %s
> with an apr_pstrNprintf( with a nice limit; as some of the values 
> are from potentially dodgy sources; such as .htaccess file made by
> possibly hostile users and from the network.

changed to apr_psprintf, and added LIMIT to the queries.

I suppose another thing to put in the documentation is to say to create a
separate MySQL user just for this, and set them to have ONLY SELECT permissions.

> Aye - you want to triple/double check your mysql_free()'s I'd guess. 
> Or have one exit after the claim you go to with an 'return e' set to 
> AUTH_USER_X Y or Z. Just to make it a bit more defensive. Or wrap 
> inside a function or something :-).

yep, changed it to set an authn_status, and then do the mysql_free and
releasing the server in one spot.

I have put the version (0.0.3) with these and a couple other small changes on

thanks for the suggestions.
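
The two review points in this thread (length-limited query formatting for values from untrusted configuration, and a status variable with one release point) can be sketched as follows. This is an added example, not part of the original message and not code from mod_authn_mysql. It uses plain `snprintf` in place of the APR call, and the names `build_query`, `ident_ok`, `QUERY_MAX` and the `AUTHN_*` status values are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum authn_status { AUTHN_QUERY_OK, AUTHN_BAD_CONFIG, AUTHN_TOO_LONG, AUTHN_NO_MEMORY };

#define QUERY_MAX 256  /* assumed limit for this sketch, not taken from the module */

/* Column and table names come from configuration such as .htaccess: allow [A-Za-z0-9_] only. */
static int ident_ok(const char *s)
{
    if (s == NULL || *s == '\0') return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && *s != '_') return 0;
    return 1;
}

/* Builds the lookup query into out. The user value must already be escaped
   by the caller (for MySQL, with mysql_real_escape_string). */
enum authn_status build_query(char *out, size_t outlen, const char *pw_col,
                              const char *table, const char *user_col,
                              const char *escaped_user)
{
    enum authn_status status = AUTHN_QUERY_OK;
    char *tmp = malloc(QUERY_MAX);   /* stands in for a resource needing release */
    int n;

    if (tmp == NULL) return AUTHN_NO_MEMORY;   /* nothing acquired yet */

    if (!ident_ok(pw_col) || !ident_ok(table) || !ident_ok(user_col)) {
        status = AUTHN_BAD_CONFIG;
        goto cleanup;
    }
    n = snprintf(tmp, QUERY_MAX, "SELECT %s FROM %s WHERE %s='%s' LIMIT 1",
                 pw_col, table, user_col, escaped_user);
    if (n < 0 || n >= QUERY_MAX || (size_t)n >= outlen) {
        status = AUTHN_TOO_LONG;     /* truncated: refuse rather than run a cut-off query */
        goto cleanup;
    }
    memcpy(out, tmp, (size_t)n + 1);

cleanup:
    free(tmp);                       /* the single release point for every path */
    return status;
}
```

A truncated query is rejected rather than executed because cutting the string can drop the closing quote or the LIMIT clause and change what the statement means.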


