World: r3wp

Hi Petr, 


Not sure if this is what you are asking about mySQL "Can I update 
particular fields (columns) in table?" but if you want to change 
a value you use SET.  e.g.  in mySQL protocol format


query: rejoin[{update logons set rs='}keyOrder{' where userName = 
'}cgi/userName{'}]
insert db reduce query

thanks, that shoudl do the job. I simply mean - your record structure 
has following fields for e.g. - Name, LastName, Age, Address1, Address2 
and I want to update only e.g. LastName and Address2 fields ....

I have the new MySQL Version 5 Beta installed on my development Notebook 
(WinXP). I was devoloping a Script acessing a current Version 4.1 
of MySQL without any problems and i thought about continuing dev 
work at home. There i ran into an error saying that the autthetification 
protocol of the client is not supported and i should update my client, 
which is the mysql-protocol from DocKimble, when acessing the local 
version 5 Beta of MySQL. Is this a known problem and does anybody 
knows to work around this?? Does anybody know what changed to authenfication 
that is not supported by the protocol??

this problem has been discussed before.

Guess someone will have to investigate this since dockimbel is busy 
on a contract ...

Sorry,I tried to search for this topic but could not find a result. 
Perhaps i did not get back far enough. I'll see if i can find out 
something about it. Thanks for the Info.

Re: MySQL Auth.   IIRC  http://dev.mysql.com/doc/mysql/en/old-client.html
I think we used this option "Tell the server to use the older password 
hashing algorithm" and continued without a house call.  If that does 
not work, let me know and on Monday I will ask the programmer who 
did it what did work.

I thought of that before and set the ol_password variable to on. 
But i think i forgot to change the passwords itself. I will try that 
out and let you know if it works. Thanks Mike

I would like to know the result guys, as I am about to create scripts 
for the partner site, and if I fail, bye bye rebol - the trouble 
simply is - they told us - if you want to sync data to us, prepare 
import utilities for us. So - I would still have to do the job, just 
using php or simply something else - which would be a big time loss, 
as I never used it before ....

I configured my database, then I run into above mentioned problems 
with non ability to use new authentication method. I choosed to use 
old one, but suddenly I can' connect even as a root ;-)

I use mySQL admin utility, which sets old-passwords item in my.ini 
file, yet Doc's mySQL driver does not work ... now I am at the end 
....

the trouble also is, remote site may not be willing to use old-fashioned 
passwords ... what then? No guru to adapt mySQL driver? Any pointers 
to new authentication methods?

some possible solutions here - http://forums.oscommerce.com/lofiversion/index.php/t148268.html

I better contacted our partner site to ask them, if we could use 
old method, or I am screwed with rebol then ...

Seems one can enable passwords on a per-user-base? search on the 
page: 
mysql> SET PASSWORD FOR
-> ['some_user'-:-'some_host'] = OLD_PASSWORD('newpwd');

yes, afaik it's per-user. the setting is what to use by default.

I have enabled old-passwords for all databases, yet Doc's driver 
returns still the same message ..

huh, ok. Finally can test ... while I have set old-passwords in my.ini, 
restarted service, it is not enough - so I installed mysql administrator 
app and changed user password, server probably needs to regenerate 
them to behave correctly ..

hopefully the same problem exists even for php folks, so I hope our 
partner site will not send me to hell with rebol ;-)

Here is something more: http://dev.mysql.com/doc/mysql/en/password-hashing.html

You do not need "old-passwords" globally, only your accounts needs 
an old-style-password.

what is your common rebol syntax you use mySQL driver with? I find 
it a bit difficult to use Doc's block mode, as I have to provide 
it with exactly the same amount of question marks, as there is amount 
of columns in the table (talking of insert here)

does anyone use non-rebolish, but string mode (eg. using 'compose), 
with direct mySQL syntax? (which allows constructs as for e.g. insert 
into mytable (col1, col8, col9) values ("A", "B", "C") ... so you 
don't need to care about the rest of arguments for e.g.?

Is there any "block syntax" equivalent to insert, to be used for 
updates?

hmm,  maybe I am already decided, thanks for any input, but it seems 
to me easier to directly compose valid mySQL syntax, than to think 
how to overcome rebol block conversion syntax, as I can't know what 
cases Doc's driver is able to parse ...

Hi Mike, sorry for the late reply. Changing passwords to the old 
algorhitm and setting the variable ol_password to "on" did the job. 
Thanks

has anyone experience with character sets and collations? I can see 
there are variables like character_set_connection() and collation_connection(), 
etc. - can those be set from within the Rebol?

This is related, I think, to my notes about VID and MySQL in the 
View section. In a test that we ran in 2004 we were able to load 
1,000,000 rows in under 30 minutes.  We did not investigate further 
but we thought we could improve this by running parallel loads and 
putting it on a real server instead of a laptop.  This volume was 
equal to the annual volume of  the transactions we were interested 
in so would represent a journal of everything that happened to this 
app as a keyed transaction in one year.   


From that 1,000,000 row database, we were able to create an HTML 
report based on some selected criteria in 2.5 seconds.  

All tests done with REBOL View using Doc's mySQL protocol.

volker  thanks for figureing out the SET PASSWORD ...OLD_PASSWORD(''xyz'); 
before I needed it ;)

I am reopening the issue of mySQL protocol not being able to connect 
to newer >= 4.11 mySQL version database. I decided to consider this 
task as being a proof if the community is, or is not able to effectively 
resort some issues, which clearly show as a show stopper for some 
rebollers (as can be seen on ml). If we are not able to effectively 
resolve this issue, then I have to ask - what actually are we able 
to sort?

Yesterday afternoon I spent investigating Doc's scheme, and here 
are my conclusions:


- The part of code responsible for password communication with the 
server is in the 'scrambler object. The function whish establishes 
connection with server is 'do-handshake


- rebol's mysql protocol seems to distinguish protocol version 9 
and 10, and I was not able to find out, what does it mean on mysql's 
side of things. It also seems to me, there is long-password item 
already in the stack, but dunno if related, it is just osme constant. 
Protocol version 9 and 10 use different hash functions and different 
crypt functions. I really don't know, where does DocKimbel find out 
how to implement those functions, maybe by looking into mySQL source, 
so I downloaded them


- to read more about passwords in mysql, go here - http://dev.mysql.com/doc/refman/5.0/en/password-hashing.html
. Maybe it is not protocol 9 and 10 related, as you may use old password 
scheme even with new databases. The difference is as follows - starting 
from mySQL 4.11, passwords are stored in 41 bytes wide field, whereas 
with older versions, it was 16bytes. New passwords always start with 
* (asterisk) char, to be easily distinguished ...


- how things might work? Mysql sends scrambled password, and Doc's 
scheme stores it in 'crypt-seed variable.  Data is being sent by 
the protocol by 'send-packet function, where for the password part, 
scrambler/scramble function is used, which calls crypt-v10 or crypt-v9, 
according to protocol versions. Those function use hash-v10(9), floor 
and other functions ...


I think that we somehow need to find out, how to compute hash for 
not 16bytes, but for those 41bytes ...

Now - sorry if I am breaking some licenses, but I will post some 
stuff to my website, and remove it once we are finished:

http://www.rebol.cz/mysql/mysql-protocol.r
http://www.rebol.cz/mysql/password.c

I think we somehow need to figure out, how to compute new hash which 
will be 41 bytes in the result. Dunno why they don't use some standard 
hashing algorithm, so we could use simply rebol's 'checksum :-(

maybe this is better description:

The password is saved (in user.password) by using the PASSWORD() 
function in
  mysql.


  This is .c file because it's used in libmysqlclient, which is entirely 
  in C.
  (we need it to be portable to a variety of systems).
  Example:
    update user set password=PASSWORD("hello") where user="test"
  This saves a hashed number as a string in the password field.

  The new authentication is performed in following manner:

  SERVER:  public_seed=create_random_string()
           send(public_seed)

  CLIENT:  recv(public_seed)
           hash_stage1=sha1("password")
           hash_stage2=sha1(hash_stage1)
           reply=xor(hash_stage1, sha1(public_seed,hash_stage2)

           // this three steps are done in scramble() 

           send(reply)

     
  SERVER:  recv(reply)
           hash_stage1=xor(reply, sha1(public_seed,hash_stage2))
           candidate_hash2=sha1(hash_stage1)
           check(candidate_hash2==hash_stage2)

           // this three steps are done in check_scramble()

why Doc implemented his hash-V9 and hash-V10 functions this way? 
Don't we have 'sha1 method with 'checksum? (just basing it upon "help 
checksum")

So - I did some homework here, but I am at my limits (well, maybe 
not, but I will be very slow from now on), whereas we have ppl knowing 
C here, and ppl who did some hashing etc. for Beer (Ladislav), so 
guys, if you find some 10 minutes of spare time, please at least 
try to give me some pointers here. As I said - the world is upgrading 
mySQL to 5.0 now, so 4.11 is older, not to mention 4.0.1 or 3.23. 
It is about having mysql free scheme for rebol, or not. And don't 
think every admin will be willing to set old-password parameter for 
his server, as this can be regarded a security risk ...

.

I think someone needs to pay someone to fix it.

:-)

You have these open source sites where a developer offers to fix 
something for a sum.  The community then collects the money and pays 
the developer.  Whoever needs this, will donate to have this done.

how much, and to whom?

someone first off needs to say that they will do it, and for how 
much.

Jeff could probably do it.

I suggested such model for a long time already. I used it with rebol 
in the past too ... so just - how much, and who does it? :-)

Ask him how much he wants, and then see who is interested in contributing.

There must be quite a few rebol users using mysql.

if no one contributes .. then clearly it's not worth doing.

I will see what comes up on ml ....

People have to earn a living ..

anton (sorry, can't write capital "a", my keyboard broken :-), the 
trouble is that I can see some ppl frustrated at ml .....