Date: Mon, 17 Feb 2003 23:02:39 +0100 (CET)
From: Dirk-Willem van Gulik
To: dev@httpd.apache.org
Subject: Re: round 2 of mod_authn_mysql

On Mon, 17 Feb 2003, Paul Querna wrote:

> - Add end user SQL query as suggested on apache-dev

And or change the apr_pstrcat into things like

	select "%s" from %s

with an apr_pstrNprintf( with a nice limit; as some of the values are from
potentially dodgy sources; such as .htaccess files made by possibly hostile
users and from the network.

> - Test Scaling/Stability

Aye - you want to triple/double check your mysql_free()'s I'd guess. Or
have one exit after the claim you go to with a 'return e' set to
AUTH_USER_X Y or Z. Just to make it a bit more defensive. Or wrap inside a
function or something :-).

You could also move/remove some of your DEBUG_AUTH_MYSQL to an APLOG_DEBUG;
that may make more sense ?

Dw,
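
Added example, not part of the original message or of mod_authn_mysql: a length-limited query builder of the kind the reply asks for, which refuses truncated output and validates the pieces that come from .htaccess or the network. The function name, MAX_IDENT, the column and table names and the query shape are assumptions, and plain C snprintf stands in for APR's formatting functions.

```c
#include <stdio.h>
#include <string.h>
#define MAX_IDENT 64   /* assumed cap on a column or table name */

/* Names from configuration or .htaccess: only [A-Za-z0-9_], bounded length. */
static int ident_ok(const char *s)
{
    size_t n = s ? strspn(s, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                             "abcdefghijklmnopqrstuvwxyz0123456789_") : 0;
    return n > 0 && n <= MAX_IDENT && s[n] == '\0';
}

/* Value from the network: refuse quotes, backslashes and control bytes.
 * Constructed stand-in for escaping with mysql_real_escape_string(). */
static int value_ok(const char *s)
{
    if (!s) return 0;
    for (; *s; s++)
        if (strchr("'\"\\", *s) || (unsigned char)*s < 0x20)
            return 0;
    return 1;
}

/* Returns 0 with the query in buf, or -1 with buf emptied when an input
 * is rejected or the formatted query would not fit in buflen bytes. */
int build_user_query(char *buf, size_t buflen, const char *pw_col,
                     const char *table, const char *user_col, const char *user)
{
    int n;
    if (!buf || buflen == 0) return -1;
    buf[0] = '\0';
    if (!ident_ok(pw_col) || !ident_ok(table) || !ident_ok(user_col) ||
        !value_ok(user))
        return -1;
    n = snprintf(buf, buflen, "SELECT %s FROM %s WHERE %s = '%s'",
                 pw_col, table, user_col, user);
    if (n < 0 || (size_t)n >= buflen) {  /* truncated: never send a partial query */
        buf[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char q[128];  /* constructed sample input below */
    if (build_user_query(q, sizeof q, "passwd", "users", "name", "alice") == 0)
        puts(q);
    return 0;
}
```

The length limit alone only bounds memory use; the identifier allowlist and the value check are what keep hostile input from changing the shape of the query.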