Tanks for responding Johan.
I am indeed looking for MySQL session ID's, not an HTTP session ID. I'm
doing a defense in depth audit and reviewing potential threats to each
remote connection - in this case session fixation. I know I can set
various session timeout properties that help mitigate fix
Great, thanks to all.
I don't mean to defend our auditors, because they are a PITA, but they do
appear to be decently knowledgeable in general - but they aren't, not can
they be expected to, be specific application-level experts - otherwise, the
number of auditors we would be required to hire woul
Hi All.
I've searched but with no luck... what do exactly these variables mean:
1343928 OS file reads, 1085452262 OS file writes, 19976022 OS fsyncs
?
I am wondering if my innodb_buffer_pool setting is not to low. Does 'file
reads' show number of times innodb files have been read into memory fro
On 21.06.2013 13:59, Rafał Radecki wrote:
> Hi All.
>
> I've searched but with no luck... what do exactly these variables mean:
>
> 1343928 OS file reads, 1085452262 OS file writes, 19976022 OS fsyncs
>
> ?
these are the total number of reads/writes/fsyncs (number of system
calls actually?) sin
Steven,
Am 21.06.2013 13:35, schrieb Steven Siebert:
If the TCP connection is lost...is the effectively session over and
can not be re-established on another socket?
Yes.
In a mysql client sense, I
would need to re-establish a connection and set my session variables again
rather than just r
Hartmut/Denis - Great information, thank you! I was unaware that mysql
bound the session id to the socket in such a way that it would not permit
that session id to be provided on other socket. This was the missing piece.
Hartmut - if the session Id is not a meaningful part of the client/server
p
Am 21.06.2013 12:48, schrieb Steven Siebert:
You stated these IDs are sequential...do you know if there is any way to
modify this to utilize a "random" generation? Sequential session IDs are
an avenue to session hijacking.
There is no attack vector opening up by knowing a session ID. A
"sess
On 21.06.2013 13:35, Steven Siebert wrote:
> Hartmut - if the session Id is not a meaningful part of the
> client/server protocol, is the session managed my the transport layer
> rather than the app layer? If the TCP connection is lost...is the
> effectively session over and can not be re-establi
On 21.06.2013 12:48, Steven Siebert wrote:
> You stated these IDs are sequential...do you know if there is any way to
> modify this to utilize a "random" generation? Sequential session IDs are
> an avenue to session hijacking.
as a MySQL client session is bound to a specific TCP connection ... h
- Original Message -
> From: "Steven Siebert"
> Subject: Re: Session ID Generation
> I am indeed looking for MySQL session ID's, not an HTTP session ID.
> I'm doing a defense in depth audit and reviewing potential threats
> to each remote connection - in this case session fixation. I kno
As a matter of dumb questions, what versions are the old and new mysqld; and
are they running on the same platform (OS, 32/64 bit, ...) ?
- Original Message -
> From: "Peter"
> To: "Reindl Harald" , mysql@lists.mysql.com
> Sent: Friday, 21 June, 2013 10:04:27 AM
> Subject: Re: help: inno
Hi Frank,
On 20/06/2013 05:00, Franck Dernoncourt wrote:
Hi all,
A table `logs/#sql-ib203` appeared after a MySQL crash due to disk space
shortage while deleting some attributes in a table in the `logs` database
and adding an index.
`USE logs; SHOW TABLES;` does not list the table `logs/#sql-i
>boah you *must not* remove ibdata1
>it contains the global tablespace even with file_per_table
>"ib_logfile0" and "ib_logfile1" may be removed, but make sure you have
>a as cinsistent as possible backup of the whole datadir
I removed "ib_logfile0" and "ib_logfile1" and restarted mysql with
in
13 matches
Mail list logo
