By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,247 Members | 1,165 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,247 IT Pros & Developers. It's quick & easy.

non close-on-exec mysql connection descriptor leads to security risks

P: n/a
Hi all,
http://bugs.mysql.com/bug.php?id=3779
Discussion about insecurity of mysql_pconnect in
multi-server/multi-user environment.Can anyone explain what Hartmut
Holzgraefe meant by

"But even if close_on_exec were set on PHP->MySQL connections there
would still be the risk of connection hijacking with PHP pconnect
as any other piece of code executed within the web server context
has access to the persistant connection. This especially includes,
but is not limited to, other PHP scripts. " ???

How is is possible to hijack a mysql connection in a php script?

Thanks,
Lukasz Wojtow
Jul 17 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
"Luke Wojtow" <gn*@student.wszia.edu.pl> wrote in message
news:2f**************************@posting.google.c om...
Hi all,
http://bugs.mysql.com/bug.php?id=3779
Discussion about insecurity of mysql_pconnect in
multi-server/multi-user environment.Can anyone explain what Hartmut
Holzgraefe meant by

"But even if close_on_exec were set on PHP->MySQL connections there
would still be the risk of connection hijacking with PHP pconnect
as any other piece of code executed within the web server context
has access to the persistant connection. This especially includes,
but is not limited to, other PHP scripts. " ???

How is is possible to hijack a mysql connection in a php script?

I don't see how. The MySQL library doesn't provide a way to convert a file
descriptor (as a number) into a DB connection. There are no functions that I
know of that convert the file descriptor into a socket resource either.
Might be possible to create a raw socket, put together the TCP/IP datagrams
using PHP, then send them to MySQL.
Jul 17 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.