-------- Original Message --------
Date: Tue, 24 Jul 2007 16:33:12 -0400
From: Victor Duchovni <Victor.Duchovni>
To: steeeeeveee
CC: postfix-users
Subject: Re: Possible DoS when the address and the virtual mysql transport table's characterset mismatches?

> On Tue, Jul 24, 2007 at 10:25:32PM +0200, steeeeeveee wrote:
>
> > -------- Original Message --------
> > Date: Tue, 24 Jul 2007 16:19:59 -0400
> > From: Victor Duchovni <Victor.Duchovni>
> > To: Postfix users <postfix-users>
> > Subject: Re: Possible DoS when the address and the virtual mysql transport table's characterset mismatches?
> >
> > > On Tue, Jul 24, 2007 at 04:14:48PM -0400, Wietse Venema wrote:
> > >
> > > > query = SELECT transport FROM domain WHERE CONVERT(domain USING utf8)=CONVERT(_latin1'%s' USING utf8) AND backupmx='0' AND active='1'
> > >
> > > Looks like a table scan if the 'domain' attribute is not already utf8.
> > > Otherwise converting from LATIN1 to utf8 for comparison looks perfectly
> > > reasonable if it is in fact necessary.
> >
> > In my case domain is (or should) already be in UTF8. So the first
> > convert is not really needed. But I had so much bad experience with
> > MySQL and PHP that I did not want to risk anything. So I force the
> > convert.
>
> If the optimizer is not overly clever, it will not use an index for
> columns that are inputs to functions (like CONVERT), so you should
> probably drop redundant conversions if they are NOPs. Of course if your
> table is small enough, and traffic rates are modest, table scans may
> be acceptable.

The MySQL optimizer is not that clever. As soon as you use a CONVERT it will do a full table scan for the converted field. Without the CONVERT the query would use the index. Even if I force the usage of the index MySQL will still do the table scan. I personally have no problems with MySQL doing the table scan. I prefer to catch problems with the convert than having Postfix suffer from character/collation conversion problems with MySQL.

> --
> Viktor.

// Steve
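The index point discussed in this thread can be checked with EXPLAIN. The following is an added example, not code posted by anyone in the thread: the table definition, the sample rows and the literal 'example.com' (standing in for Postfix's %s) are constructed, and only the column names and the first query's shape come from the quoted query.

```sql
-- Constructed schema; only the column names come from the query in the thread.
CREATE TABLE domain (
    domain    VARCHAR(255) CHARACTER SET utf8 NOT NULL,
    transport VARCHAR(255) NOT NULL,
    backupmx  TINYINT(1)   NOT NULL DEFAULT 0,
    active    TINYINT(1)   NOT NULL DEFAULT 1,
    PRIMARY KEY (domain)
) DEFAULT CHARSET = utf8;

-- Constructed sample rows.
INSERT INTO domain (domain, transport) VALUES
    ('example.com', 'virtual:'),
    ('example.net', 'smtp:[mx.example.net]'),
    ('example.org', 'virtual:');

-- Form from the thread: the indexed column is an argument to CONVERT(),
-- so every row has to be converted and compared. In the EXPLAIN output,
-- check the "type" and "key" columns for a full scan with no key chosen.
EXPLAIN SELECT transport FROM domain
 WHERE CONVERT(domain USING utf8) = CONVERT(_latin1'example.com' USING utf8)
   AND backupmx = '0' AND active = '1';

-- Conversion kept only on the lookup value: it is a constant evaluated
-- once, and the bare column can be matched against its index. This is
-- only valid when the column really is utf8 already, as in this schema.
EXPLAIN SELECT transport FROM domain
 WHERE domain = CONVERT(_latin1'example.com' USING utf8)
   AND backupmx = '0' AND active = '1';
```

Because the lookup key comes from each message's recipient address, the cost of the first form grows with the row count of the table on every lookup, which is why the thread weighs it against table size and traffic rate.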
© 2004-2008 readlist.com