List:Commits« Previous MessageNext Message »
From:Martin Hansson Date:September 21 2009 12:29pm
Subject:bzr commit into mysql-5.1-bugteam branch (mhansson:3121) Bug#35996
View as plain text  
#At file:///data0/martin/bzr/bug35996/5.1bt/

 3121 Martin Hansson	2009-09-21
      Bug#35996: Security Breach In Smashed TEMPTABLE Views
      During SHOW CREATE VIEW there is no reason to 'anonymize' errors that name objects that a user does not have access to. Moreover it was inconsistently implemented. For example base tables being referenced from a view appear to be ok, but not views. The manual on the other hand is clear: If a user has the privileges SELECT and SHOW VIEW, the view definition is available to that user, period. The fix changes the behavior to support the manual.

bzr commit into mysql-5.1-bugteam branch (mhansson:3121) Bug#35996Martin Hansson21 Sep