>>>>> "sinisa" == sinisa <sinisa@stripped> writes:
sinisa> Robert Goff writes:
>> - The answer is simple. Any user that has GRANTing option can change
>> - passwords of all users, grant other users privileges etc !!!!
>>
>> Are you saying that the behavior he's describing is documented and correct?
>>
>> If I understand correctly, he's saying that a user with no update privs
>> anywhere in the system can do an update on any user's record, including
>> root, in the users table. This sounds like a Bad Thing to me.
>> --
>> Chemistry professors never die, they just smell
>> that way!
>> Please note changed phone number.
>> ===============================================
>> Robert Goff robert@stripped
>> Technical Writer/Editor, Webmaster 505-564-8959
>>
>>
sinisa> Yes, that is exactly what 'WITH GRANT OPTION' is designed for !!!
sinisa> Update privileges are not important for operations with grant
sinisa> tables. 'WITH GRANT OPTION' is all that is needed.
sinisa> This is standard ANSI SQL92 behaviour, and most of RDBMS's conform to
sinisa> it !!
Sorry, no; Please check my previous letter. You are only allowed to
grant things to others that you have privileges for!
Regards,
Monty
