Hello Steven,
On 6/21/2013 8:50 AM, Steven Siebert wrote:
Great, thanks to all.
I don't mean to defend our auditors, because they are a PITA, but they do
appear to be decently knowledgeable in general - but they aren't, not can
they be expected to, be specific application-level experts - otherwise, the
number of auditors we would be required to hire would be cost
prohibitive...there is a necessary balance =) Just because MySQL
implements this way (and, obviously is concious of these security
concerns), doesn't mean the latest NoSQL solution deployed to github,
written in python during a cocaine fuelled weekend, does...they aren't here
to say "no" to whatever software I desire to use, they just need to
verify. So, really, the wand of ignorance should be pointed in my
direction =)
This leads me to my final question: is this documented anywhere beyond the
source code and this thread? I was specifically searching for session id
generation, but clearly this search was too narrow. I'll look more
generally for how MySQL establishes connections and maintains sessions -
but if you happen to know where it might be document off the top of your
head, I would appreciate it.
Thanks again for everyone's insightful and quite helpful responses.
... snipped ...
I believe that between the source code and the MySQL Internals manual,
you will get more answers than you might have been looking for.
Of course, if you need any clarification you can always bring those
questions back to the list.
http://dev.mysql.com/doc/internals/en/client-server-protocol.html
--
Shawn Green
MySQL Principal Technical Support Engineer
Oracle USA, Inc. - Hardware and Software, Engineered to Work Together.
Office: Blountville, TN
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql
