Re: Hijackers?
On Tue, Dec 13, 2005 at 06:33:47AM +, Duncan Hill wrote: The methods to defeat this, to the best of my knowledge, include limiting the privileges of the web script user (or any user) to only do what they need to do. So if the script only needs to select data, don't give it any rights I believe using bind variables whenever possible also helps prevent this attack. -Jason Martin -- S met ing's hap ening t my k ybo rd . . This message is PGP/MIME signed. pgpBcno4Qf3S7.pgp Description: PGP signature
Re: How to index a table with many fields?
On Thu, Dec 01, 2005 at 05:33:01PM +0100, Andy Pieters wrote: Hi list I have a data set that is composed of many fields (30+). The final app will allow the users to search records on each field. What is the best thing to index in this situation? Make an index for *all* fields? You woudn't want one index that contains all fields, as there is no efficient way to search it for a field that isn't on the 'leading edge' of the index. You'd be better off with a seperate index for each field. -Jason Martin -- If you don't like the news, go out and make some of your own. This message is PGP/MIME signed. pgpTFwnzg0rF2.pgp Description: PGP signature
Re: using dinamic table name inside stored procedure
I'd really suggest looking at the data model that requies you to dynamically select which table to read from, and find another way. If there are several tables that have the same column that differ only by name, why not make the name a column? -Jason Martin On Sat, Nov 19, 2005 at 02:28:41PM +0200, Gleb Paharenko wrote: AESYS S.p.A. [Enzo Arlati] wrote: I need to pass to a stored procedure a var a table name. -- Definition of Terror: A female Klingon having a bad hair day. This message is PGP/MIME signed. pgpnepMnZ0Wfx.pgp Description: PGP signature
Re: Anyone use Snort and Acid?
On Sun, Nov 13, 2005 at 08:56:12PM -0800, Ed Kasky wrote: Snort v2.4.3 ACID v0.9.6b23 I seem to recall hearing that ACID is deprecated; you might want to look around if there is a newer equivalent. SQUIL (http://sguil.sourceforge.net/) is supposed to be really good. -Jason Martin -- I have a watch cat! Just break in and she'll watch. This message is PGP/MIME signed. pgpTCfY0X9o7C.pgp Description: PGP signature
Re: Best Fieldtype to store IP address...
On Fri, Nov 11, 2005 at 11:51:52PM -0500, Rhino wrote: Isn't there a new way to express IP addresses called IPV6(?) which has a possibility of 6 distinct parts instead of the traditional 4? I haven't seen one of these new formats myself yet but for all I know, they will become soon in the near future. Maybe you'd better choose a field type that can accomodate those as well as the traditional 123.123.123.123 type I believe both 14v6 and ipv4 can be expressed as decimal numbers too. -Jason Martin -- This Charlie Brown must have been a very wise man. This message is PGP/MIME signed. pgp8sR0zW0B48.pgp Description: PGP signature
Re: MySQL table growth monitoring via RRDtool and histographs?
On Tue, Nov 01, 2005 at 02:38:29PM -0800, Kevin Burton wrote: Gangla and Cacti seem to do similar tasks (if you stretch them) but they really fall down fast. Can you elaborate on 'fall down fast'? It should be a really simple operation to do this in cacti. -Jason Martin -- SYSTEM ERROR: press F13 to continue... This message is PGP/MIME signed. pgpXCOKot7XHV.pgp Description: PGP signature
Re: Oracle DMP to mySQL -- Possible???
On Tue, Oct 25, 2005 at 04:22:01PM -0400, sheeri kritzer wrote: What you need is the table schemas and the data. Oracle doesn't have SHOW CREATE TABLE like mysql does. Furthermore, Oracle also doesn't The oracle-supplied DBMS_METADATA package can do this for you. -Jason Martin -- Silence is more eloquent at times than words. This message is PGP/MIME signed. pgpLVYHOkxNxK.pgp Description: PGP signature
Re: Joins Tutorial Anywhere?
On Wed, Oct 05, 2005 at 09:36:51AM +1000, Ligaya Turmelle wrote: Having asked that, another question arises...do my field names in different tables within the same database have to overlap (same field name) in order for joins to work? I'm currently naming fields in such a manner: No, names do not have to overlap. -Jason Martin -- Reduce Carbon Dioxide emmissions - STOP Breathing This message is PGP/MIME signed. pgpoEeMSujkX4.pgp Description: PGP signature
Re: Weird delete behavior on mysql 4.0 - rows not disappearing....
On Wed, Aug 31, 2005 at 11:18:40PM -0400, Michael Stassen wrote: No, with the default transaction isolation level, REPEATABLE READ, that's how it is supposed to work. You've started a transaction in Window B, so Window B is immune to changes made in Window A until you finish the transaction in Window B. See the manual for details http://dev.mysql.com/doc/mysql/en/innodb-consistent-read.html Is this a known bug? It's not a bug. Oracle works in a similar fashion. -Jason Martin -- Never eat anything bigger than your head. This message is PGP/MIME signed. pgpnWgmFXjYfU.pgp Description: PGP signature
Re: What is a schema?
On Wed, Aug 03, 2005 at 03:30:19PM +0100, Juan Pedro Reyes Molina wrote: as far as I know a schema is a description of a database. In ORACLE terms, a schema is a grouping of database objects (tables, indexes, and so on). It is synonymous with user in ORACLE. A given ORACLE instance can contain multiple schemas. -Jason Martin -- I'd love to, but I have to rotate my crops. This message is PGP/MIME signed. pgpjwHryLEUmW.pgp Description: PGP signature
Re: password is lose
On Fri, May 20, 2005 at 09:28:40AM -, [EMAIL PROTECTED] wrote: Hint: Did you specify a password for the login ? I suspect the original poster was saying that he doesn't remember setting a password, so he doesn't know what password to enter. -Jason Martin -- Unrecoverable Application ERROR - Detonation follows. This message is PGP/MIME signed. pgpXdR848wy3b.pgp Description: PGP signature
Re: How to retain Key order when Deleting a Row
On Tue, Apr 12, 2005 at 02:38:12AM +, B Wiley Snyder wrote: I just need someone to please point me in the right direction on retaining my key or id order in my table when I delete a row. So for example I have 10 rows Id 1-10 that are created automatically when the record is inserted. Such a thing isn't possible as it would require MySQL to update every row 'past' the deleted row. Why do you need to do this? -Jason Martin -- Oxymoron: Steel wool. This message is PGP/MIME signed. pgpdul81Q104Q.pgp Description: PGP signature
Re: Non-destructive Expanding Retracting sets
On Thu, Mar 31, 2005 at 05:21:00PM +0200, Andy Pieters wrote: In a record there is a field category. Categories can be added/changed/removed Example data idtype Page 1category1,category2 Page 2category3 Page 3category2,category4 From a Normal Form perspective, this is supposed to be implented as Page 1 category 1 Page 1 category 2 Page 2 category 3 Page 3 category 2 Page 3 category 4 at which point adding / removing categories is just a simple insert or delete. I currenlty do my selects with SELECT `id` FROM `thetable` WHERE `type` LIKE '%category3%'; That query will not be able to use indexes and will be too slow to use in any sizable database. -Jason Martin -- Nobody home but the lights, and they're out too. This message is PGP/MIME signed. pgpJnyYA6U07B.pgp Description: PGP signature
Re: Url http://highperformancemysql.com/
On Fri, Feb 18, 2005 at 10:06:38AM +0100, Anton Kornexl wrote: There should be tools on this website, but i see only a message from Infektion Group. What happened ? Looks like the website got hacked. -Jason Martin -- Useless Invention: Motorcycle seat-belts. This message is PGP/MIME signed. pgpgz69QP9rZx.pgp Description: PGP signature
Re: mysqld process hangs, cannot terminate
On Tue, Feb 08, 2005 at 03:57:16PM -0600, Brian Erickson wrote: stops working) and continues to run. Nothing we do will terminate that process (we have tried: kill pid, kill -s 9 pid, everything that is supposed to forcibly kill the process and nothing works). A unkillable process like that is usually the result of a hardware problem. In 'top' is the process stuck on 'D', ie waiting for a disk to respond? -Jason Martin -- If you can't debug it, deplug it. This message is PGP/MIME signed. pgp660FTDZ8an.pgp Description: PGP signature
Re: bash powered MySQL Queries
On Mon, Jan 31, 2005 at 06:57:58PM +, Edward Macnaghten wrote: 1 - The output is not cluttered with headers, and a means exist to easily separate fields when there is more than one column or row in the query. The mysql --batch option should take care of that for you. -Jason Martin -- If your attack is going well, then it's an ambush.. This message is PGP/MIME signed. pgpGbq3SC6aXz.pgp Description: PGP signature
Re: disappearing data - please help!
On Sun, Jan 30, 2005 at 03:28:56PM -0500, Sheryl (Permutations Software) wrote: but I'm having the most frustrating problem. Data I've inserted simply VANISHES. What is the setting for AutoCommit? If it is 0, are you sure that commit is being called before the session ends? -Jason Martin -- Felinious Assault: Striking someone with a cat. This message is PGP/MIME signed. pgp7rOTL5oXlH.pgp Description: PGP signature
Re: disappearing data - please help!
On Sun, Jan 30, 2005 at 04:03:37PM -0500, Sheryl (Permutations Software) wrote: transactions. It's just the default. I don't know where I'd check AutoCommit settings (or it they even apply to the default database type). It doesn't refer to this in phpinfo.php. Try doing this immediately after inserting the data: mysql_query(COMMIT, $this-dbh); and see if that changes anything. -Jason Martin -- My karma ran over my dogma This message is PGP/MIME signed. pgpplCPHXl079.pgp Description: PGP signature
Re: A problem of structure
On Wed, Jan 26, 2005 at 01:56:05PM +, Pupeno wrote: Takes more room because of the extra field ? Can you tell me more about 'the normalized approach' ? http://en.wikipedia.org/wiki/Database_normalization -Jason Martin -- If you cannot convince them, confuse them. This message is PGP/MIME signed. pgpGY7lV887VI.pgp Description: PGP signature
Re: load balacing in a replicated environment
On Fri, Jan 21, 2005 at 09:21:18AM -0500, Eben Goodman wrote: connection layer, and based on time of day or something passes a You could use a TCP load balancer such as Balance or PEN, or you could modify the code to randomly select a server name from a list at connection time. -Jason Martin -- Are dog biscuits made from collie flour? This message is PGP/MIME signed. pgp7osbfhBB4l.pgp Description: PGP signature
Re: calculated field
On Fri, Jan 21, 2005 at 07:38:59PM +0100, Javier wrote: Now I need to put data in a db but the problem is with this calculated data. A friend of mine that use Oracle told me that I could define a field like field1 = field2 + field3, but I can't discover this option in Mysql. You can't define a table that way. However when selecting the data you can do select (field2+field3) FIELD1, field2, field3 from table such that you'll get the calculated field. -Jason Martin -- When I tried to take an ego trip I got stopped at the border This message is PGP/MIME signed. pgpwOoiS87sEx.pgp Description: PGP signature
Re: Generic graphing tool?
On Tue, Jan 11, 2005 at 11:44:34AM +1100, Daniel Kasak wrote: Jason Martin wrote: Does anyone know of a web-based tool that will let you graph arbitrary data out of of MySQL? I'm thinking of something that lets you define a select statement, some graph options and produce a graph. JPGraph produces some *very* nice graphs from PHP. Thank you, but that wasn't quite what I was looking for. I've got a small data warehouse filled with a wide variety of statistics about an application. I'd like to let users execute arbitrary SQL statements against the the database and provide some graph parameters and have a graph created, entirely through the web. Sort of a like a mysql-enabled web-based gnuplot. It looks like such a thing doesn't exist but I was hoping someone had written it already : Thanks, -Jason Martin -- This message is PGP/MIME signed. pgpSb74fWb6XX.pgp Description: PGP signature
Re: Generic graphing tool?
On Tue, Jan 11, 2005 at 05:55:31PM +0100, Olivier Kaloudoff wrote: Cacti, based on mysql stored rrd database is probably the kind of tool you are looking for; Ahh, so is there a cacti-like tool that understands MySQL? Thanks, -Jason Martin -- This message is PGP/MIME signed. pgpUVrrAJRbSG.pgp Description: PGP signature
Generic graphing tool?
Does anyone know of a web-based tool that will let you graph arbitrary data out of of MySQL? I'm thinking of something that lets you define a select statement, some graph options and produce a graph. Thanks, -Jason Martin -- You can't go home again, unless you set $HOME. This message is PGP/MIME signed. pgp1G8gqgRN83.pgp Description: PGP signature
Re: how to connect to MySQL with an ecripted password.
On Mon, Jan 10, 2005 at 11:44:48AM -0800, Eduardo Castro wrote: Is there a way to encript the password in the text file? Or anothe way to connect to my sql with an encripted password? Any authentication token you store in a text file will be just as useful as an unencrypted password, since once known it can be used in another script. You should concentrate on protecting that file. -Jason Martin -- Any philosophy that can be put in a nutshell belongs there This message is PGP/MIME signed. pgpvmpfpEhT4g.pgp Description: PGP signature