SEO

#21 (**permalink**) 04-24-2008, 06:09 PM

On Apr 23, 11:04 am, "Peter H. Coffin" <hell...@ninehells.com> wrote:

> In case you're not sure about it, the GRANT USAGE means no privs except
> those explicitly assigned [1]. This user can manipulate data only, not
> structure, yet has no trouble using those functions you seem to think
> would not be accessable to a restricted role user ID.
>
> I am glad you posted here. You will have an opportunity to reassess some
> of your security strategy.

Thanks for pointing this out, Peter. I was totally blind to this.

#22 (**permalink**) 04-24-2008, 06:09 PM

On Apr 23, 11:23 am, "Peter H. Coffin" <hell...@ninehells.com> wrote:
> On Wed, 23 Apr 2008 07:53:35 -0700 (PDT), lawp...@gmail.com wrote:
> > On Apr 22, 4:25 pm, "Rik Wasmus" <luiheidsgoe...@hotmail.com> wrote:
> >> My first guess (and almost certainly the correct one) is:
> >> - the UNIQUE is NOT defined properly, or there are more then 1 UNIQUE keys
> >> defined on the same table.
>
> >> My second and final farfetched guess is:
> >> - client-id is erroneously defined as float and there are float troubles
> >> (in which case not security but mere shame client-id was defined as a
> >> float would prevent me from posting the table definition).
>
> >> No more guesses will be made from here on by me. Without a table
> >> definition, I leave you to the people with better crystal balls.
>
> > Those are good guesses, and I appreciate your assistance. I'm probably
> > coming off as smarmy, but I'm just relaying information.
>
> > All I asked originally was if
> > "Am I getting the error because my UNIQUE key is too long? "
> > "Is there a way to actually look at the values for the keys in my
> > table? "
>
> > If you are choosing to answer more than "No, no", then I appreciate
>
> It's probably more "not in this case from the visible sample, no", but
> that doesn't change this instance. Unique keys can get kind of funny
> when you're dealing with large objects. But the hash you've chosen
> indicates that you've probably intentionally sidestepped that issue.

That's all I can reasonably expect here. I tried to phrase my question
in terms of "Can MySQL do this" rather than "Here's my code and error,
what's wrong?" because I could not provide my code. For whatever
reason, I phrased my request and responses here in a way that
triggered responses from people as if I were trolling. Well, I really
don't know what people thought, but to me, it seemed to get a little
heated, and I think that the fault lies on my part. That wasn't my
intention; there was some subtlety of communication that I missed out
on.

> > your willingness to go the extra mile to help me troubleshoot me
> > troubleshoot my problem, and I apologize that I could not provide the
> > additional information. It's not my decision to make.
>
> See, now THAT is a fine reason not to share the structure. "Can't, for
> internal political reasons. Thanks for your time" is always acceptable,
> as are NDAs or even "don't feel like it". The price for those things is
> that we can't give much help, and that's usually a pretty small price.
> Very few folks here know anything that's not in the doco anyway; we
> (collectively) just may be able to cross-corollate faster than one brain
> does in a particular instance.

That's true. I'm certainly aware of the value of this newsgroup, and I
have gotten a lot out of it over the years. It feels to me almost like
an abuse of the newsgroup not to be able to post the structure -- like
I'm not paying my dues -- but in this instance, I just can't.

#23 (**permalink**) 04-24-2008, 06:09 PM

lawpoop@gmail.com wrote:
> On Apr 22, 5:46 am, "petethebl...@googlemail.com"
> <petethebl...@googlemail.com> wrote:
>> On 21 Apr, 22:40, "Paul Lautman" <paul.laut...@btinternet.com> wrote:
>>
>>> Confidential!!! It will be a list of fields with data types, sizes and field
>>> names. That is what all tables look like. How the !"!"££ can it be
>>> confidential!
>> That's what I was trying to say, but more politely.
>
> Well, if we have a database that's available to the public through a
> website, and some entreprising hacker wants to do an SQL injection,
> they would get quite a leg up if they could look up the exact names of
> our fields and tables.
>
> Of course we are taking every precaution to prevent SQL injections and
> other hacking attemps, and not broadcasting table definitions on the
> internet is part of that

>
> As far as confidential, saying that no table definition can be
> confidential because it's made up of the same parts ( tables and
> fields ) as any other database is like saying all programs are the
> same because they're all made up of vairable and operators. It's the
> arrangement of the parts that adds value. Surely, you would agree that
> certain database structures are better than others for particular
> problems. Or all they all the same? If they aren't the same, then a
> business person who invested money to get a better data model might
> want to protect their investment.
>
> Why couldn't Microsoft release the code for Windows? After all, it's
> made up of the same parts as any other program. And I'm not talking
> security wise, but competition-wise -- for example, not giving OS
> providers a leg up in creating platforms to run software written to
> run with the Windows API.
>
> Suppose we have a business model, expressed as a database, that is
> superior to our competitions', and that allows us to ship products
> faster for less money. Why would we want to then give our model to our
> competition? We spent a lot of time and money building it; it doesn't
> make business sense to give it to your competition for free.
>
> </OT rant>

of course, one can always obfuscate the field names so as to protect the
identities. A working (broken??) example is much easier to provide a
reasonable guess than not. 2 questions - How is the MD5 field defined
and how is the client_id field defined.

The error is that there is a duplicate.

what does
select guid,client_id from <tab> where guid =
'ba083c1576f8c555ef4ff0ae09dd33a7'

Worst case is that you have a corrupt index.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

SEO

error with UNIQUE key length?