Bug #17831 User Rights
Submitted: 1 Mar 2006 18:36
Modified: 2 Apr 2006 16:28
Reporter: Andrew Huggan
Status: No Feedback
Category: MySQL Administrator
Severity: S3 (Non-critical)
Version: 5.0.18 (Server) - 1.19 (Admin)
OS: Windows (Windows XP)
Assigned to:
CPU Architecture: Any

[1 Mar 2006 18:36] Andrew Huggan
Description:
Hi,

I created a new User ("WebUser") and gave him only rights on a created database of mine ("avanti"), but on none of the system databases (mysql, test, information_schema), because the user is to be used by a Web Application of mine. If somebody hacks my Web App he should not be able to see any of the System Databases.

When I open the MySQL Administrator 1.1.9 and log on as "WebUser" and look at the catalogs, I can see the information_schema catalog and can see the data of the tables.

Thank you,

Yours Sincerely,

How to repeat:
Create a New User, give him only privileges on a user-created database and on none of the system databases. Connect as the newly created user and look at the Catalogs. I can then see the information_schema database in the list.

Suggested fix:
Don't know

[2 Mar 2006 16:28] Valeriy Kravchuk
Please, read the manual (http://dev.mysql.com/doc/refman/5.0/en/information-schema.html):

"There is no difference between the privileges required for SHOW statements and those required to select information from INFORMATION_SCHEMA. In either case, you have to have some privilege on an object in order to see information about it.

The implementation for the INFORMATION_SCHEMA table structures in MySQL follows the ANSI/ISO SQL:2003 standard Part 11 Schemata. Our intent is approximate compliance with SQL:2003 core feature F021 Basic information schema."

So, check again, and if you can get metadata for the tables from the other database you have no grants for, then it sounds like a bug. But access to INFORMATION_SCHEMA in general is granted to every user.

[2 Apr 2006 23:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
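
The check requested in the 2 Mar 2006 reply, written out as an added example (not part of the original thread and not MySQL's own code): create the restricted account, reconnect as it, and list any metadata visible for objects it has no grant on. The host `localhost`, the password placeholder and the privilege list are assumptions; `WebUser` and `avanti` come from the report.

```sql
-- Added example. Host, password placeholder and privilege list are assumptions.

-- Part 1: run as an administrative account.
CREATE USER 'WebUser'@'localhost' IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD';
GRANT SELECT, INSERT, UPDATE, DELETE ON avanti.* TO 'WebUser'@'localhost';

-- Part 2: reconnect as WebUser and run the checks below.

-- Confirm which account row the server matched and what it was granted.
SELECT CURRENT_USER();
SHOW GRANTS;

-- Schemas whose metadata this account can see. INFORMATION_SCHEMA itself
-- is listed for every user; that alone is not a privilege leak.
SELECT SCHEMA_NAME
FROM information_schema.SCHEMATA
ORDER BY SCHEMA_NAME;

-- Tables visible outside the granted schema and INFORMATION_SCHEMA.
-- Rows here are metadata for objects the account can reach through some
-- other grant, or the condition the reply describes as a bug.
-- Note: installations that still carry the default mysql.db rows for
-- 'test' and 'test\_%' give every account access to those databases,
-- so 'test' showing up points at those rows, not at INFORMATION_SCHEMA.
SELECT TABLE_SCHEMA, TABLE_NAME
FROM information_schema.TABLES
WHERE TABLE_SCHEMA NOT IN ('information_schema', 'avanti')
ORDER BY TABLE_SCHEMA, TABLE_NAME;

-- Same check at column level.
SELECT TABLE_SCHEMA, TABLE_NAME, COLUMN_NAME
FROM information_schema.COLUMNS
WHERE TABLE_SCHEMA NOT IN ('information_schema', 'avanti')
ORDER BY TABLE_SCHEMA, TABLE_NAME, ORDINAL_POSITION;

-- The manual text quoted above says SHOW statements need the same
-- privileges, so this list should agree with the SCHEMATA query.
SHOW DATABASES;
```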