Bug #50092 RFE: New privileges - GRANT SHOW CREATE (TABLE|ROUTINE|TRIGGER)
Submitted: 5 Jan 2010 16:54 Modified: 29 Nov 2010 13:07
Reporter: Kevin Benton Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Security: Privileges Severity:S4 (Feature request)
Version: OS:Any
Assigned to: CPU Architecture:Any

[5 Jan 2010 16:54] Kevin Benton 
Description:
A user that has SELECT can see the table definition for a FEDERATED storage engine table along with other table types.  This can be problematic if that definition includes a password and may give the user access that he/she is not supposed to have.  Showing users how a routine is defined may give the user too much detail on how the routine works and may give them cause to re-write portions for their own use that may not be compatible with design goals.  I don't see an immediate problem with showing triggers, but if we're going this far, why not go "the rest of the way."

How to repeat:
See description.

Suggested fix:
See description.
[29 Nov 2010 13:07] Susanne Ebrecht 
Many thanks for writing a reasonable feature request.