httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ernst schoen-rene" <>
Subject Re: [users@httpd] dbd syntax
Date Sat, 27 Dec 2008 18:46:24 GMT
Oh, one other thing that should be cleared up in the documentation.  The
example sql syntax for selecting the pass is this:

select password from users where user_id = %s

One would normally expect to have to put quotes around the %s as in:

select password from users where user_id = '%s'

but that's not the case.  It doesn't work with the quotes, only without.

On Sat, Dec 27, 2008 at 10:34 AM, ernst schoen-rene <>wrote:

> I did have the mysql driver, and after many clean install attempts, I
> installed apache 2.2.11  from apache 2.2.10 without re-compiling apr or
> apr-util and bam, it worked.  My log files showed "could not connect to
> mysql server" error.  mod_dbd only began connecting when I added a socket or
> port option.  If I take that away, no connection.  My socket is
> /tmp/mysql.sock, my port is 3306, both the normal default.
>   Of course, even better than just breaking the password encryption the way
> I had to would be to allow the user to choose encryption, the way
> mod_auth_mysql did.
> On Sat, Dec 27, 2008 at 9:56 AM, Nick Kew <> wrote:
>> On Sat, 27 Dec 2008 09:10:25 -0800
>> "ernst schoen-rene" <> wrote:
>> > I have solved this problem.
>> > I am running fedora64 on amd64.
>> > mod_dbd with mysql simply doesn't work on my install of apache
>> > 2.2.10.  I installed 2.2.11 and it works, but there are elements that
>> > I think are under-documented or poorly documented.
>> OK, that probably means your 2.2.10 didn't have the MySQL driver.
>> The actual error message there would've identified it.
>> > First, the DBDParams command for mysql requires that you put in a
>> > port or a socket, even if they are the defaults.
>> Um, not for anyone else I've heard of.
>> >   It does not require
>> > you to put in a database name.  The DBDParams can be delimited by a
>> > number of characters including a comma, space and '|', but it doesn't
>> > mention this in the documentation.
>> The documents show a format that works.  The other delimiters are a
>> freebie extra, for people who prefer them.
>> > Secondly, the function in mod_authn_dbd that compares passwords
>> > compares the password your sql statement returns with an ENCRYPTED
>> > password.  It does say this once in the documentation, but all the
>> > sql examples do not indicate this.  There is no documentation about
>> > how to produce a password using the same encryption that apache
>> > uses.  I had to change the code for mod_authn_dbd to just compare
>> > unencrypted passwords.  For my application, encryption doesn't
>> > matter, and I think it's sort of silly to encrypt passwords that are
>> > transmitted in plain text anyway.  Documentation on how to produce an
>> > encrypted password in one's sql command would be useful.
>> Good point: the mod_auth[nz]_dbd pages could use an additional section
>> about the database and password formats.  Contributions always welcome
>> if the regular devs don't get a round tuit!
>> Another little exercise for anyone with a spare hour or two:
>> a script to convert a htpasswd or htdigest file for use with DBD.
>> Extra kudos if you do the hard bit, and make it work with all
>> the databases.
>> --
>> Nick Kew
>> Application Development with Apache - the Apache Modules Book
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:> for more info.
>> To unsubscribe, e-mail:
>>   "   from the digest:
>> For additional commands, e-mail:

View raw message