Bug #4598 Views: Dropping underlying table shows security flaw
Submitted: 18 Jul 2004 21:00 Modified: 21 Jul 2004 21:44
Reporter: Trudy Pelzer Email Updates:
Status: Closed Impact on me:
Category:MySQL Server Severity:S2 (Serious)
Version:5.0.1-alpha-debug OS:Linux (SuSE 8.2)
Assigned to: Oleksandr Byelkin CPU Architecture:Any

[18 Jul 2004 21:00] Trudy Pelzer
If one creates a view (e.g. vt1) on a single underlying base table (e.g. t1), then drops the base table, then selects from the view, MySQL returns the following error message:
ERROR 1146 (42S02): Table 'db77.t1' doesn't exist
That is, the error message reflects the name of the table upon which the view was based, 
rather than the name of the view.

When a view's underlying table is dropped, the view should also be dropped. In this case, 
a select from the view should return:
ERROR 1146 (42S02): Table 'db77.vt1' doesn't exist
Otherwise, a security hole exists: the user of the view should not be made aware of 
(a) the fact that the "table" in use is a view or (b) the name of the table(s) upon which the 
view is based.

How to repeat:
create table t1 (c1 char(5));
create view vt1 as select * from t1;
drop table t1;
select * from t1;
select * from vt1;
[21 Jul 2004 3:27] Oleksandr Byelkin
  1.1717 04/07/21 04:26:20 bell@sanja.is.com.ua +30 -0 
  error message interception (Bug#4598) 
  error handling of view initialization fixed (Bug#4599)
[21 Jul 2004 21:44] Oleksandr Byelkin
Thank you for bug report. Bugfix is pushed into source repository.