| Bug #19947 | Returning inconsistent error messages when accessing non-existent objects | ||
|---|---|---|---|
| Submitted: | 19 May 2006 17:14 | Modified: | 23 Jan 2013 12:43 |
| Reporter: | Erica Moss | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server: Errors | Severity: | S3 (Non-critical) |
| Version: | 5.0.21-community-nt | OS: | Windows (win32 - XP SP2) |
| Assigned to: | CPU Architecture: | Any | |
[23 Jan 2013 12:43]
Paul DuBois
Noted in 5.7.1 changelog. If a user attempted to access a nonexistent column for which the user had no access, the server returned an error indicating that the column did not exist. Now the server returns an error indicating that the user does not have privileges for the column, which provides no information about column existence.
Description: This a not a huge problem but more a matter of consistency. In general we follow the rule that if a user tries to access a non-existant object within his privilege grant/level we tell the user that the object doesn't exist. If it is outside of his grant/level we tell him he doesn't have the right to access the object. One exception I've found to this is at the level of column access, where we tell the user it doesn't exist (unknown) even if the user doesn't have any rights to that column. This should be changed to conform to the other model. How to repeat: #################### # Do as root CREATE DATABASE foo; CREATE TABLE foo.foo_table (c1 INT); GRANT SELECT (C1) ON foo.foo_table TO test_user@localhost IDENTIFIED BY 'test_user'; ##################### # Log in as test_user SELECT bar FROM foo.foo_table; # RESULTS # ERROR 1054 (42S22): Unknown column 'bar' in 'field list' Suggested fix: suggest changing this to conform to the already established model for handling this case. Something like this: ERROR XXxx (XXXxxx): SELECT command denied to user 'test_user'@'localhost' for column 'bar'