Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

I remember reading somewhere that there is a potential security/privacy issue in being able to read the cached SQL statements of other users on the same shared server as yours.

Is this true? Should I stop using it if the SQL statement contains a transaction number that may be potentially useful?

Thanks
DBI: prepare_cached ....dangerous on shared servers?

Re: DBI: prepare_cached ....dangerous on shared servers?
by merlyn (Sage) on Jul 02, 2007 at 18:52 UTC
    I suspect that if you're doing prepare correctly, your transaction number won't be in your cached statement anyway.

    But, there still might be interesting information leakage in letting the names of your tables or columns leak. So it's worth being concerned about.
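The following is an added example, not code from the original thread, illustrating merlyn's point about "doing prepare correctly". It uses real DBI calls (prepare_cached, and the documented CachedKids attribute, which holds the cache that prepare_cached maintains) against an in-memory DBD::SQLite database; the orders table, its two rows and the two helper subs are constructed for this illustration. The first sub interpolates the transaction number into the SQL text, so every distinct number becomes a separately cached statement; the second uses a placeholder, so the cached text is the same generic statement for every call.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# In-memory SQLite database so this runs without a server (constructed data).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do('CREATE TABLE orders (txn_no TEXT PRIMARY KEY, amount INTEGER)');
$dbh->do(q{INSERT INTO orders VALUES ('TXN-0001', 100), ('TXN-0002', 250)});

# Bad: the transaction number is interpolated into the SQL text, so it becomes
# part of the statement string that DBI caches (and that the server receives).
sub amount_interpolated {
    my ($txn) = @_;
    my $sth = $dbh->prepare_cached("SELECT amount FROM orders WHERE txn_no = '$txn'");
    $sth->execute;
    my ($amount) = $sth->fetchrow_array;
    $sth->finish;
    return $amount;
}

# Better: a placeholder keeps the cached statement generic; the value is bound
# at execute time and never appears in the prepared SQL string.
sub amount_placeholder {
    my ($txn) = @_;
    my $sth = $dbh->prepare_cached('SELECT amount FROM orders WHERE txn_no = ?');
    $sth->execute($txn);
    my ($amount) = $sth->fetchrow_array;
    $sth->finish;
    return $amount;
}

for my $txn (qw(TXN-0001 TXN-0002)) {
    printf "%s: interpolated=%d placeholder=%d\n",
        $txn, amount_interpolated($txn), amount_placeholder($txn);
}

# What prepare_cached actually retained. DBI keys its cache on the statement
# text joined with a separator and the prepare attributes (none here); the
# substitution below drops that suffix for display, if present.
print "Cached statements:\n";
for my $key (sort keys %{ $dbh->{CachedKids} }) {
    (my $sql = $key) =~ s/!\x01.*\z//s;
    print "  $sql\n";
}

$dbh->disconnect;
```

Running this lists three cached statements: two containing the literal 'TXN-0001' and 'TXN-0002', and one generic `... WHERE txn_no = ?`. The interpolated form also grows the cache by one entry per distinct value, which is a resource problem on top of the leakage. One caveat for the MySQL case: DBD::mysql substitutes placeholder values on the client side unless mysql_server_prepare is enabled, so the text the server sees (and that SHOW FULL PROCESSLIST shows while it runs) still contains the value; the placeholder protects the statement cache in your process, not what the server logs or displays.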

Re: DBI: prepare_cached ....dangerous on shared servers?
by runrig (Abbot) on Jul 02, 2007 at 19:42 UTC
    What database? Cached or not, there's at least one database where you can look at the currently executing SQL statement for any session.
In the case of MySQL|SQLite?
        I don't know much about MySQL, but I did find a command called 'SHOW FULL PROCESSLIST'. Though I see you do have to have mysql admin privileges to see info about anyone else's processes besides your own.