Newsgroups: php.internals,php.webmaster
Date: Thu, 24 Apr 2014 05:58:17 -1000
To: internals@lists.php.net, php-webmaster@lists.php.net, Zeev Suraski, Zak Greant, Georg Richter, Andrey Hristov, Ulf Wendel, George Schlossnagle, Johannes Schlueter
Subject: fork of php mysql[i][nd] extension for script filehash based db auth
From: jvelasqu@hawaii.edu (Juan Velasquez)

Aloha,

I'd like to see a fork of the mysql extensions and perhaps other databases (I'm actually a little partial to postgres), that allows mysql to authenticate php scripts based on their file contents, or hash, or inode modification time.

Basically during mysql_[p]connect() calls,

1. checks if feature is enabled,
2. gathers additional data: script path and name hash, script file contents hash (only computed if mtime changed), script file inode mtime, desired database name,
3. then uses this data as a key to a flat file Berkeley DB in /etc/php5/
4. where it could be returned a data record containing mysql hostname, real database name, real username, real password,
5. and then transparently continues its connection to mysql,
6. and upon success returns the connection to the php script, which never knew the difference.

I'm almost done coding this idea into the old mysql extension for a proof of concept and assuming it received positive feedback would enjoy coding it into mysqli or mysqlnd, or others. I also coded up a little helper program for managing the bdb table, to create, add, update, and remove records from the /etc/php5/mysql_auth.db database, that the extension consults upon page requests.

I'm doing this for a school project, for extra credit in my Software Engineering class.
It'd be great if this idea really worked, and if there was not some huge hole in my thinking on this subject. In any case I welcome opinions on it. I'm particularly interested in knowing what fields would be useful in the key and data.

Thank you.

/juan

--
"only during tornadoes do apples fall far from the tree." Juan Velasquez
"there's reasons for everything, though it's too bad too often a no good reason." Juan Velasquez
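
The lookup described in steps 1 to 6 of the message above, as an added Python example; it is not the poster's extension or helper code. The dict standing in for the Berkeley DB file, the key layout, the use of SHA-256, the function names and the sample record are all assumptions, and mtime (together with file size) is used only to decide when to rehash the script.

```python
import hashlib
import os

# Stand-in for the Berkeley DB table at /etc/php5/mysql_auth.db (a dict here
# so the example runs offline; the real record format is not shown in the post).
AUTH_DB = {}
# path -> ((mtime_ns, size), sha256 hex): rehash only when the file stamp changes.
HASH_CACHE = {}


def content_hash(path):
    """SHA-256 of the script, recomputed only if mtime or size changed."""
    st = os.stat(path)
    stamp = (st.st_mtime_ns, st.st_size)
    cached = HASH_CACHE.get(path)
    if cached and cached[0] == stamp:
        return cached[1]
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    HASH_CACHE[path] = (stamp, digest)
    return digest


def make_key(script_path, db_alias):
    """Key = hash(resolved path) | hash(contents) | database name the script asked for."""
    real = os.path.realpath(script_path)
    path_hash = hashlib.sha256(real.encode()).hexdigest()
    return "|".join((path_hash, content_hash(real), db_alias))


def register(script_path, db_alias, record):
    """What the helper program would do when an admin approves a script."""
    AUTH_DB[make_key(script_path, db_alias)] = dict(record)


def resolve(script_path, db_alias):
    """What connect would do: return the real credentials, or None (fail closed)."""
    return AUTH_DB.get(make_key(script_path, db_alias))
```

Because the cache trusts the mtime and size stamp, an edit that preserves both is not noticed until the cache entry is dropped; hashing the file on every connect closes that gap at the cost of a file read per connection.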