Return-Path: Delivered-To: apmail-perl-modperl-archive@www.apache.org Received: (qmail 73697 invoked from network); 11 Mar 2006 02:40:26 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 11 Mar 2006 02:40:26 -0000 Received: (qmail 74008 invoked by uid 500); 11 Mar 2006 02:40:22 -0000 Delivered-To: apmail-perl-modperl-archive@perl.apache.org Received: (qmail 73517 invoked by uid 500); 11 Mar 2006 02:40:20 -0000 Mailing-List: contact modperl-help@perl.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list modperl@perl.apache.org Received: (qmail 73506 invoked by uid 99); 11 Mar 2006 02:40:20 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 10 Mar 2006 18:40:20 -0800 X-ASF-Spam-Status: No, hits=1.4 required=10.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (asf.osuosl.org: 209.86.89.69 is neither permitted nor denied by domain of perrin@elem.com) Received: from [209.86.89.69] (HELO elasmtp-mealy.atl.sa.earthlink.net) (209.86.89.69) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 10 Mar 2006 18:40:19 -0800 Received: from [64.105.73.254] (helo=[192.168.1.100]) by elasmtp-mealy.atl.sa.earthlink.net with asmtp (TLSv1:AES256-SHA:256) (Exim 4.34) id 1FHu1O-0001rl-Po; Fri, 10 Mar 2006 21:39:59 -0500 Message-ID: <4412387D.7050600@elem.com> Date: Fri, 10 Mar 2006 21:39:57 -0500 From: Perrin Harkins User-Agent: Thunderbird 1.5 (Windows/20051201) MIME-Version: 1.0 To: Jonathan Vanasco CC: modperl_users List Subject: Re: Migrating from MySQL to PostGres -- Any mod_perl specific things I should be wary of? References: <0C1FE548-66D6-4B8A-BAF1-C28D98F8AD09@2xlp.com> <1142030946.28877.59.camel@localhost.localdomain> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-ELNK-Trace: c0887ac1ba12fd211aa676d7e74259b7b3291a7d08dfec793b2791438bd35734cbe860afd2dd6a61350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-Originating-IP: 64.105.73.254 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Jonathan Vanasco wrote: > with mysql5 , they decided to make mysql easier for everyone by setting > a default to ignore errors and coerce the data into a valid format MySQL has always done that. Being able to turn that off was one of the big new features in MySQL 5. > it turns out that you can set 'sql_mode=TRADITIONAL' in the my.cnf , > and it will enforce rules by default. BUT those rules can be disabled > during a transaction. > i don't want more grant privileges to worry about managing to keep > them off should i get a sql injection attack, or the my.cnf file gets > overwritten on some update. If you have SQL injection vulnerabilities in your code, changing the sql_mode is the least of your worries. > why someone would have that as the DEFAULT setting is beyond > me. I don't like it either, but they don't exactly try to hide it. It's been that way since the first release. > MAKE SURE YOU HAVE sql_mode AS TRADITIONAL. mysql isn't actually > transaction safe without it - it will coerce invalid data to fit your > schema, which means any field can be corrupt and foreign keys are useless. I don't think that's a fair statement. MySQL's transaction and locking system is every bit as good as the one in PostgreSQL, and doesn't depend on the the sql_mode setting. That's only about data validation. You can definitely enforce foreign keys, even in older versions like the 4.1 series. If you set a column with a foreign key constrain to NOT NULL, no values except valid foreign keys will be accepted for it. I use this frequently instead of the unenforced "enum" type. If you aren't comfortable using the strict SQL mode, then PostgreSQL definitely sounds like the right choice for you. It's a solid choice and many people use it with mod_perl, so I expect you'll have no trouble. The default isolation level is somewhat less isolated than the default with InnoDB, but that's usually the right choice for web applications. - Perrin