Mailing List Archive


Back to the month index Back to the list index
Gary Bickford (garyb@outlawnet.com)
Wed, 15 Jan 1997 00:43:54 -0800 

Message-Id: <v01540b0faf024493b8d7@[204.245.248.245]>
Date: Wed, 15 Jan 1997 00:43:54 -0800
From: garyb@outlawnet.com (Gary Bickford)
Subject: Re: [mSQL] 2.0 - can it cache results?

>I don't think you can do that in ANSI terms. The SELECT INTO creates the
>table.

This works for me, for most uses anyway.

>> The CERT advisory would certainly not be mSQL related in this case. That is
>> like saying that a CERT advisory could be issued about Unix file systems
>> because someone writes a script to append hits to a file continuously.
>
>I'd have to disagree. mSQL is available over the net so I could, in
>theory, trash any machine on the Net running mSQL 2.0 by sending it bogus
>SELECT INTO queries. That is a remote denial of service attack and is
>something CERT would be keen to advise people of.

Couldn't this be handled by either the existing msql.acl file, or by adding
an additional option regarding hosts & users with table create and drop
rights?

[Discussion on table management]

Bambi's point on table explosion is a very salient issue - for example the
recent list thread regarding a 2500x2500 table join that generated 350 MB
of data!

>Providing an effective and user safe scheme is non-trivial but it is
>something I have on my list of things to think about.
>
>Sure, the easy (and ANSI) option is to punt the entire problem into the
>lap of the user and let them worry about it. If I can find a way to
>manage this in the server itself it makes using this feature a lot easier
>and much safer. I'm all for making the server as easy to use as
>possible. Data management complexity should be in the server rather than
>in the clients. It makes writing good client code much easier.

How 'bout we start with the ANSI (easy is not a bad thing), and let people
play with it and see what they need, while thinking occurs. It could be
handy using all us hackers for guinea pigs - make it a compile time option.

If you'll make the simple version available, I promise to only use it on
Sundays to drive to the store, and NEVER use table joins :)

[For my part, getting 20 simultaneous users would be fabulous!]

Final note - if I had access to such tables, then I would need large table
joins much less often, reducing the maximum amount of disk space required.

end
=======
Gary Bickford, FXT Corporation http://www.fxt.com
System integration, active web site design, intranets.
garyb@fxt.com 541-923-3060

--------------------------------------------------------------------------
To remove yourself from the Mini SQL mailing list send a message containing
"unsubscribe" to "unsubscribe" to msql-list-request@bunyip.com. Send a message containing
"info msql-list" to majordomo@bunyip.com for info on monthly archives of
the list. For more help, mail owner-msql-list@bunyip.com NOT the msql-list!