Bug #62664 | update privilege consist of show databases privilege | ||
---|---|---|---|
Submitted: | 10 Oct 2011 6:01 | Modified: | 10 Oct 2011 8:14 |
Reporter: | h ch | Email Updates: | |
Status: | Not a Bug | Impact on me: | |
Category: | MySQL Server: Security: Privileges | Severity: | S3 (Non-critical) |
Version: | 5.0,5.1 | OS: | Any |
Assigned to: | CPU Architecture: | Any | |
Tags: | show databases privilege, update privilege |
[10 Oct 2011 6:01]
h ch
[10 Oct 2011 8:14]
Valeriy Kravchuk
You had granted UPDATE on *.*, that is, global, on any table in any database. Now, read the manual, http://dev.mysql.com/doc/refman/5.5/en/privileges-provided.html#priv_show-databases: "The SHOW DATABASES privilege enables the account to see database names by issuing the SHOW DATABASE statement. Accounts that do not have this privilege see only databases for which they have some privileges, and cannot use the statement at all if the server was started with the --skip-show-database option. Note that any global privilege is a privilege for the database." So, you see databases for which you have UPDATE privilege (all of them, that is). This is not a bug.