[mythtv] Patch for generic SQL query
Kevin Kuphal
kuphal at dls.net
Wed Apr 27 14:20:02 UTC 2005
Simon Kenyon wrote:
>On Wednesday 27 April 2005 05:21, David Shay wrote:
>
>
>>As discussed on IRC last night, here is a patch to provide a generic SQL
>>service through the myth protocol. This will be helpful to external
>>programs such as mvpmc and now mythroku which cannot easily access mysql
>>directly, and also allows for generic database access (non-mysql). These
>>programs can use this for things like accessing the commercial cutlist,
>>etc.
>>
>>I didn't bump the protocol version, since it is an extension, but I could
>>submit a patch with that included if you want.
>>
>>The new protocol command is QUERY_SQL, and it accepts any valid SQL command
>>after that. For instance:
>>
>>QUERY_SQL SELECT sourceid,lineupid from videosource;
>>
>>
>
>what security is associated with this?
>is it a mechanism for injecting malicious SQL into the db?
>
>
>
This was my first thought as well. Why not add the individual commands
as needed to support the functions of the remote frontends rather than
opening up a big hole with unresticted SQL via the protocol.
Kevin
More information about the mythtv-dev
mailing list