[mythtv] Patch for generic SQL query
David Whyte
david.whyte at gmail.com
Wed Apr 27 06:59:50 UTC 2005
Sounds like a nasty security issue for me.
Also, I would like to say (at the risk of crashing and burning) that I
don't think it is a great idea to be using SQL queries of any kind between
the frontend/clients and the backend. I would say a good goal to set for the
project is to create an interface that can be used to fully manage myth.
I know there is heaps of legacy code and a couple of reasons for having SQL
in there atm and people have pro'd and con'd them all, but as a person who
would like to write a client of sorts, I would prefer to have the defined
interface to play with as opposed to a *whole* DB.
I hope that sounded positive to the devs. It was meant to be.
Whytey
On 4/27/05, Simon Kenyon <simon at koala.ie> wrote:
>
> On Wednesday 27 April 2005 05:21, David Shay wrote:
> > As discussed on IRC last night, here is a patch to provide a generic SQL
> > service through the myth protocol. This will be helpful to external
> > programs such as mvpmc and now mythroku which cannot easily access mysql
> > directly, and also allows for generic database access (non-mysql). These
> > programs can use this for things like accessing the commercial cutlist,
> > etc.
> >
> > I didn't bump the protocol version, since it is an extension, but I
> could
> > submit a patch with that included if you want.
> >
> > The new protocol command is QUERY_SQL, and it accepts any valid SQL
> command
> > after that. For instance:
> >
> > QUERY_SQL SELECT sourceid,lineupid from videosource;
>
> what security is associated with this?
> is it a mechanism for injecting malicious SQL into the db?
>
> regards
> --
> simon
> _______________________________________________
> mythtv-dev mailing list
> mythtv-dev at mythtv.org
> http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-dev
>
--
--
GMAIL is 'da bomb baby....YEAH
I have GMail invites, if you want one, email me direct.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mythtv.org/pipermail/mythtv-dev/attachments/20050427/359074b2/attachment.htm
More information about the mythtv-dev
mailing list