sorted by: recent | see :
popular
Content Tagged Gotchas
Can't get courier daemon to login mysql? - Ubuntu Forums
Postfix: del.icio.us/tag/postfix
Ubuntu
email
sysadmin
Courier
Postfix
Gotchas
goddamnprogrammers
SHOW VARIABLES Shows Variables MySQL Does Not Know About
Taking UFS new places safely with ZFS zvols - Multiple Threads : Phil Harman's Weblog
Multiple Threads : Phil Harman's Weblog
Views and Social Engineering
CREATE TABLE secretData ( secretValue int COMMENT 'If this goes over 5, WWIII will start' ); CREATE SQL SECURITY DEFINER VIEW censoredData AS SELECT * FROM secretData WHERE secretValue<telephone> ring ring
<sysadmin> “Hello?”
<evilFiend> “I’d like to create an insertable view on some tables I already have rights to. I don’t know just yet what I’ll use for my select statement.”
<sysadmin> “Ok. I’ll set it up so you can do what you’d like.”
CREATE SQL SECURITY INVOKER VIEW evilFiendsView AS SELECT 1; GRANT SELECT, INSERT, ALTER ON test.evilFiendsView TO 'evilFiend'@'%';
evilFiend connects to the server, while twiddling the end of his handlebar mustache.
ALTER VIEW evilFiendsView AS SELECT * FROM censoredData WITH LOCAL CHECK OPTION; INSERT INTO evilFiendsView VALUES (42);Muhahaha!
snoyes: Messing with LAST_INSERT_ID()
Time for another MySQL Community Quiz:
Everybody knows that LAST_INSERT_ID() returns the value most recently created in an auto_increment column. Fewer of us know that you can pass a value to LAST_INSERT_ID(), and that value will be returned for the next call to LAST_INSERT_ID(). For example,
INSERT INTO table (someNonAutoIncrementField) VALUES (LAST_INSERT_ID(42)); SELECT LAST_INSERT_ID();
The INSERT inserts ‘42′ into the table, and the SELECT returns 42.
So, here’s the question: What if we pass an expression to LAST_INSERT_ID and also use an auto_increment field in the same statement?
CREATE TABLE test (id int auto_increment primary key, field int); INSERT INTO test (id, field) VALUES (NULL, LAST_INSERT_ID(42)); SELECT LAST_INSERT_ID();
And for a follow up, does it matter if you swap the insertion around?
INSERT INTO test (field, id) VALUES (LAST_INSERT_ID(42), NULL); SELECT LAST_INSERT_ID();
The manual warns about mixing LAST_INSERT_ID() and LAST_INSERT_ID(expr). This may fall under that same caveat.
snoyes: Views and Social Engineering
CREATE TABLE secretData ( secretValue int COMMENT 'If this goes over 5, WWIII will start' ); CREATE SQL SECURITY DEFINER VIEW censoredData AS SELECT * FROM secretData WHERE secretValue<telephone> ring ring
<sysadmin> “Hello?”
<evilFiend> “I’d like to create an insertable view on some tables I already have rights to. I don’t know just yet what I’ll use for my select statement.”
<sysadmin> “Ok. I’ll set it up so you can do what you’d like.”
CREATE SQL SECURITY INVOKER VIEW evilFiendsView AS SELECT 1; GRANT SELECT, INSERT, ALTER ON test.evilFiendsView TO 'evilFiend'@'%';
evilFiend connects to the server, while twiddling the end of his handlebar mustache.
ALTER VIEW evilFiendsView AS SELECT * FROM censoredData WITH LOCAL CHECK OPTION; INSERT INTO evilFiendsView VALUES (42);Muhahaha!