Hi Ann,

Currently, the thoughts on how to make the BLOB references secure go
like this:

The BLOB reference consists of 2 components: The first component is
basically an index used to find the BLOB on the server. The second
component is a random number generated when the BLOB is created.

The random number acts as an "authorization code", and is checked
when the BLOB is requested. So if the authorization code supplied in
the BLOB reference does not match the code stored by the server for
that BLOB, then the BLOB is not returned.

If the authorization code is a 4-byte number, then the chances of
getting the correct code for any particular BLOB are 1 in 4 billion.
This makes it practically impossible to "discover" a BLOB by
generating BLOB references and requesting them from the server.

However, it does mean that once you have a valid BLOB reference it
remains valid until the BLOB is deleted. So you can pass it around to
your friends, or post it on the internet if you like.

In order to prevent this (it will depend on the site, as to whether
this is required), it would be possible to add a dynamic component to
the BLOB reference which has a certain lifetime (for example, it
expires after a certain amount of time, or when a database session is
closed).

Such a component would have to be added to the BLOB reference URL by
the storage engine on the fly. So, as the SELECT result is being
generated, the dynamic component is added to the BLOB references
returned in the rowset.

Security of the BLOB streaming stuff is one of the major issues, so
further comments, questions and ideas are welcome!

Best regards,

Paul

On Jun 26, 2007, at 4:36 PM, Ann W. Harrison wrote:

> Paul McCullagh wrote:
>> It will also be possible to store the BLOBs "out-of-row". In this
>> case, only a BLOB reference is stored in the row. The reference is
>> basically a URL which can be used to retrieve the data. So when
>> you do an SQL SELECT which includes a BLOB column, the resulting
>> rowset does not contain the data, just the BLOB reference (URL).
>
> How does this work with access privileges? Can you just send random
> numbers in the URL until you start seeing blob data?
>
> Best regards,
>
> Ann

--
MySQL General Mailing List
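
The reference scheme discussed in this thread, as an added example that is not part of the original messages or of the storage engine's code: an index plus a per-BLOB random authorization code, with an expiring dynamic component attached when the reference is handed out. The HMAC-signed expiry is one assumed way to build that dynamic component; `BlobStore`, `SERVER_KEY` and the `index-code-expiry-tag` layout are hypothetical.

```python
import hashlib
import hmac
import secrets

CODE_BYTES = 4                          # authorization code size proposed in the message
SERVER_KEY = secrets.token_bytes(32)    # assumption: server-side secret for the dynamic part


class BlobStore:
    """Hypothetical in-memory stand-in for the storage engine's BLOB repository."""

    def __init__(self):
        self._blobs = {}                # index -> (authorization code, data)

    def create(self, data):
        index = len(self._blobs) + 1
        code = secrets.token_bytes(CODE_BYTES)   # drawn from the OS CSPRNG
        self._blobs[index] = (code, data)
        return index, code

    def _tag(self, index, code, expiry):
        # Binds the expiry to this index and code so none of them can be swapped.
        msg = f"{index}|{expiry}|".encode() + code
        return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

    def make_ref(self, index, code, now, ttl):
        """Built on the fly while the rowset is generated: index-code-expiry-tag."""
        expiry = int(now) + ttl
        return f"{index}-{code.hex()}-{expiry}-{self._tag(index, code, expiry)}"

    def fetch(self, ref, now):
        """Return the BLOB data, or None on any failure (no hint which check failed)."""
        try:
            idx_s, code_hex, exp_s, tag = ref.split("-")
            index, expiry, code = int(idx_s), int(exp_s), bytes.fromhex(code_hex)
            tag = tag.encode()
        except ValueError:
            return None                 # malformed reference
        if not hmac.compare_digest(tag, self._tag(index, code, expiry).encode()):
            return None                 # dynamic component forged or altered
        if now > expiry:
            return None                 # reference has outlived its lifetime
        stored_code, data = self._blobs.get(index, (b"", None))
        if not hmac.compare_digest(code, stored_code):
            return None                 # unknown index or wrong authorization code
        return data
```

The clock is passed in as `now` so the expiry behaviour can be exercised deterministically; a session-bound lifetime would replace the expiry with a session identifier in the signed message.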