Hi all,
http://bugs.mysql.com/bug.php?id=3779
Discussion about insecurity of mysql_pconnect in
multi-server/multi-user environment.Can anyone explain what Hartmut
Holzgraefe meant by
"But even if close_on_exec were set on PHP->MySQL connections there
would still be the risk of connection hijacking with PHP pconnect
as any other piece of code executed within the web server context
has access to the persistant connection. This especially includes,
but is not limited to, other PHP scripts. " ???
How is is possible to hijack a mysql connection in a php script?
Thanks,
Lukasz Wojtow