Bug #47718 | SHOW VIEW without SELECT privileges lets a user see a view definition | ||
---|---|---|---|
Submitted: | 29 Sep 2009 15:11 | Modified: | 3 Dec 2010 9:43 |
Reporter: | Martin Hansson | Email Updates: | |
Status: | Duplicate | Impact on me: | |
Category: | MySQL Server: Security: Privileges | Severity: | S3 (Non-critical) |
Version: | 5.0+ | OS: | Any |
Assigned to: | Assigned Account | CPU Architecture: | Any |
[29 Sep 2009 15:11]
Martin Hansson
[29 Sep 2009 15:11]
Martin Hansson
Failing test case
Attachment: bug.test (application/octet-stream, text), 390 bytes.
[29 Sep 2009 16:55]
MySQL Verification Team
Thank you for the bug report.
[2 Dec 2010 22:14]
Sveta Smirnova
See also bug #58677
[3 Dec 2010 9:43]
Guilhem Bichot
This was fixed in 5.5 as part of BUG#27145, which has commit comment: "The patch also fixes privilege checks for: ... - SHOW CREATE VIEW: Requires SHOW_VIEW and SELECT on the table level (just as the manual claims)". I verified that the testcase passes in 5.5 and fails in 5.1.
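
A regression check for the privilege rule quoted in the last comment, added here as an example. It is not the attached bug.test and not MySQL's own test code. The schema, table, view, and account names and the password are hypothetical. The audit query covers table-level grants in `mysql.tables_priv` only, so an account that gets SELECT from a database-level or global grant will still be listed.

```sql
-- Added example. All object and account names are constructed for illustration.
-- Run the setup as an administrative account on a disposable test server.
CREATE DATABASE IF NOT EXISTS privtest;
CREATE TABLE privtest.t1 (id INT, secret VARCHAR(32));
CREATE VIEW privtest.v1 AS SELECT id FROM privtest.t1;

CREATE USER 'viewer'@'localhost' IDENTIFIED BY 'placeholder-password';

-- Grant only SHOW VIEW on the view, with no SELECT.
GRANT SHOW VIEW ON privtest.v1 TO 'viewer'@'localhost';

-- Step 1: connect as 'viewer'@'localhost' and run:
SHOW CREATE VIEW privtest.v1;
-- Per the commit comment for BUG#27145, this statement requires both
-- SHOW VIEW and SELECT at the table level; 'viewer' holds only SHOW VIEW here.

-- Step 2: as the administrative account, add the missing privilege.
GRANT SELECT ON privtest.v1 TO 'viewer'@'localhost';

-- Step 3: as 'viewer'@'localhost', repeat the statement. Both required
-- privileges are now held.
SHOW CREATE VIEW privtest.v1;

-- Audit (administrative account): list table-level grants that carry
-- SHOW VIEW without SELECT. On servers without the fix, these are the
-- grants through which view definitions are readable.
SELECT User, Host, Db, Table_name, Table_priv
FROM mysql.tables_priv
WHERE FIND_IN_SET('Show view', Table_priv) > 0
  AND FIND_IN_SET('Select', Table_priv) = 0;

-- Cleanup.
DROP USER 'viewer'@'localhost';
DROP DATABASE privtest;
```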