3 messages in com.mysql.lists.internals
RE: sql/password.c

From              Sent On
Guus Leeuw jr     18 May 2008 03:15
Sergei Golubchik  19 May 2008 10:14
Guus Leeuw jr     19 May 2008 10:37

Subject: RE: sql/password.c
From: Guus Leeuw jr (guus@itpassion.com)
Date: 05/19/2008 10:37:24 AM
List: com.mysql.lists.internals

Hi there,

-----Original Message-----
From: Sergei Golubchik [mailto:se@mysql.com]
Sent: 19 May 2008 18:15

Hi!

On May 18, Guus Leeuw jr wrote:

Hello,

Sorry for the somewhat wide distribution, first of all. (This message was originally cross-posted to cont@lists.mysql.com; so please reply to them as well.)

Background:

I am implementing multiple websites using MySQL as a backend database. So far, nothing new. However some of these websites will host applications that are password protected and user-role authorized. Thus it would seem ideal if we could somehow manage for the website password to be the same as the database password, so that we can target specific tables / databases for specific users. One of the databases is to hold financial data, which I would not want a "role-based" user id (aka "web"/"web") to be able to see.

I *assume* that a possibility like this would greatly benefit several organizations using MySQL for similar purposes, if these organizations already have centralized password databases. Nowadays with Microsoft finally supporting Kerberos by default as the means to store Active Directory passwords, it would seem to me that a large number of organizations actually fit that bill.

The first thought is - check Summer of Code projects: there're two related:

http://code.google.com/soc/2008/mysql/appinfo.html?csaid=9CDE431A6856AD74

this is your roles.

http://code.google.com/soc/2008/mysql/appinfo.html?csaid=1F94B07630EA06DA

OK, is Milos on the list? Are there already thoughts on the design, etc.? I don't really want to wait until after the Summer (sic) for this to be available. Also, I kinda need it for 5.0, not 6.0 or something higher up the tree.

The easiest thing to do would then simply be to support SASL in MySQL, and leave everything up to SASL. (CRAM, DIGEST, GSSAPI, Auxprop, PAM)

[snipped as the discussion takes a turn towards pluggable authentication]

Cheers, Guus