List:Commits« Previous MessageNext Message »
From:Martin Hansson Date:September 21 2009 12:29pm
Subject:bzr commit into mysql-5.1-bugteam branch (mhansson:3121) Bug#35996
View as plain text  
#At file:///data0/martin/bzr/bug35996/5.1bt/

 3121 Martin Hansson	2009-09-21
      Bug#35996: Security Breach In Smashed TEMPTABLE Views
      During SHOW CREATE VIEW there is no reason to 'anonymize' errors that name objects that a user does not have access to. Moreover it was inconsistently implemented. For example base tables being referenced from a view appear to be ok, but not views. The manual on the other hand is clear: If a user has the privileges SELECT and SHOW VIEW, the view definition is available to that user, period. The fix changes the behavior to support the manual.

Thread
bzr commit into mysql-5.1-bugteam branch (mhansson:3121) Bug#35996Martin Hansson21 Sep