This is a discussion on Re: [courier-users] authmysql vs apostrophe [PATCH] within the Courier-Imap forums, part of the Mail Servers and Related category.
Alessandro Vesely writes:

> Sam Varshavchik wrote:
>> Alessandro Vesely writes:
>>> Sam Varshavchik wrote:
>>>> Alessandro Vesely writes:
>>>>
>>>>> * use mysql escape function also in a number of other places; the
>>>>> MySQL team took years to get it straight...
>>>>
>>>> Well, I don't think they got it right. There's no bounds checking in
>>>> mysql_real_escape_string! The documentation claims you just need to
>>>> provide enough room at least twice as long as the string length, but
>>>> then there are also some vague comments regarding the interaction of
>>>> this function with the locale's character set, which leaves me with a
>>>> somewhat uneasy feeling.
>>>
>>> Since they require 2*length+1, I assume they check that bound. I don't
>>> know the details of the implementation, but doubling seems quite
>>> enough. Even if mysql_real_escape_string() cannot fail, its output
>>> will eventually be parsed using some other function which is
>>> supposedly aware of what the former might have done.
>>
>> I looked at MySQL's source. Their code assumes that the buffer passed to
>> mysql_real_escape_string is sized twice the size of the input buffer,
>> plus one byte, and the code checks for overflow.
>
> Great, thank you for confirming that.
>
>> Still, the original
>> patch looks to be more complicated than it needs to be,
>
> I agree to some extent. I tried and built something that works
> seamlessly in most cases, and the result is sub-optimal for the
> remaining ones.
>
> The more I think about it, the more I get convinced that an
> _authmysql2_ module would better suit Courier's architecture and
> style. I mentioned that on 21 April, along with the quoted names question.
>
>> so I'll need to do this myself.
>
> I did not work on a second patch since then, also because I'm late at
> some other stuff (as usual...) However, I could try again if you'd
> like and provide some more feedback, unless you start working on that
> before I can find some spare time.

I'm going to try to put together a test build in a day or so. Testing it
would be useful.
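The 2*length+1 sizing rule discussed in the thread, as an added example that is not part of the original message and is neither MySQL's nor Courier's code: every input byte expands to at most two output bytes, plus one terminating NUL, and the escaper still checks the destination capacity itself. The names escape_bounded and escape_alloc are hypothetical, and this simplified model escapes single bytes only (the set documented for mysql_real_escape_string) without the character-set handling the real function performs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: escape len bytes of src into dst (capacity cap).
 * Returns the escaped length, or (size_t)-1 if dst is too small. */
size_t escape_bounded(char *dst, size_t cap, const char *src, size_t len)
{
    size_t o = 0;
    if (cap == 0)
        return (size_t)-1;              /* no room even for the NUL */
    for (size_t i = 0; i < len; i++) {
        char c = src[i], e = 0;
        switch (c) {
        case '\0': e = '0'; break;
        case '\n': e = 'n'; break;
        case '\r': e = 'r'; break;
        case 0x1a: e = 'Z'; break;      /* Control-Z */
        case '\\': case '\'': case '"': e = c; break;
        }
        size_t need = e ? 2 : 1;
        if (cap - o <= need)            /* need bytes plus NUL must fit */
            return (size_t)-1;
        if (e) { dst[o++] = '\\'; dst[o++] = e; }
        else   { dst[o++] = c; }
    }
    dst[o] = '\0';
    return o;
}

/* Hypothetical wrapper: allocate the worst case 2*len+1 and escape.
 * Returns NULL if the size computation would wrap or malloc fails. */
char *escape_alloc(const char *src, size_t len, size_t *out_len)
{
    if (len > (SIZE_MAX - 1) / 2)
        return NULL;                    /* 2*len+1 would overflow size_t */
    size_t cap = 2 * len + 1;
    char *dst = malloc(cap);
    if (!dst)
        return NULL;
    *out_len = escape_bounded(dst, cap, src, len);
    if (*out_len == (size_t)-1) { free(dst); return NULL; }
    return dst;
}
```

With a buffer of exactly 2*len+1 bytes the bounds check in escape_bounded can never fail; it only triggers when a caller passes a smaller buffer.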