Description:
If a user is only granted access on particular columns of a table, a SELECT * query actually tells the user that they don't have access to the other specific columns. In other words, it gives information about what the user does not have access to.
This is inconsistent. Example on the db level: a user does not have access to the foo database, it will see "access denied" regardless of whether the foo db exists or not. That is correct: no info, even on the existence, if the user no access!
The same applies to tables.
And it should work the same way for columns.
How to repeat:
(load "world" db)
GRANT SELECT (continent) ON world.country TO coluser@localhost;
SELECT * FROM country;
Error: select command denied to user 'coluser'@'localhost' for column 'Code' in table 'country'
(I don't have access any columns other than "Continent", but now the server tells me that a column "Code" exists - too much info!)
SHOW CREATE TABLE country;
CREATE TABLE `country` (
`Code` char(3) NOT NULL default '',
`Name` char(52) NOT NULL default '',
`Continent` enum('Asia','Europe','North America','Africa','Oceania','Antarctica','South America') NOT NULL default 'Asia',
`Region` char(26) NOT NULL default '',
`SurfaceArea` float(10,2) NOT NULL default '0.00',
`IndepYear` smallint(6) default NULL,
`Population` int(11) NOT NULL default '0',
`LifeExpectancy` float(3,1) default NULL,
`GNP` float(10,2) default NULL,
`GNPOld` float(10,2) default NULL,
`LocalName` char(45) NOT NULL default '',
`GovernmentForm` char(45) NOT NULL default '',
`HeadOfState` char(60) default NULL,
`Capital` int(11) default NULL,
`Code2` char(2) NOT NULL default '',
PRIMARY KEY (`Code`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1
(eep! I only have access to the one column, yet I can see the structure of the entire table!)
Suggested fix:
a) Make error msgs consistent/safe
b) And don't allow SHOW CREATE TABLE unless user has access to the whole table.
Description: If a user is only granted access on particular columns of a table, a SELECT * query actually tells the user that they don't have access to the other specific columns. In other words, it gives information about what the user does not have access to. This is inconsistent. Example on the db level: a user does not have access to the foo database, it will see "access denied" regardless of whether the foo db exists or not. That is correct: no info, even on the existence, if the user no access! The same applies to tables. And it should work the same way for columns. How to repeat: (load "world" db) GRANT SELECT (continent) ON world.country TO coluser@localhost; SELECT * FROM country; Error: select command denied to user 'coluser'@'localhost' for column 'Code' in table 'country' (I don't have access any columns other than "Continent", but now the server tells me that a column "Code" exists - too much info!) SHOW CREATE TABLE country; CREATE TABLE `country` ( `Code` char(3) NOT NULL default '', `Name` char(52) NOT NULL default '', `Continent` enum('Asia','Europe','North America','Africa','Oceania','Antarctica','South America') NOT NULL default 'Asia', `Region` char(26) NOT NULL default '', `SurfaceArea` float(10,2) NOT NULL default '0.00', `IndepYear` smallint(6) default NULL, `Population` int(11) NOT NULL default '0', `LifeExpectancy` float(3,1) default NULL, `GNP` float(10,2) default NULL, `GNPOld` float(10,2) default NULL, `LocalName` char(45) NOT NULL default '', `GovernmentForm` char(45) NOT NULL default '', `HeadOfState` char(60) default NULL, `Capital` int(11) default NULL, `Code2` char(2) NOT NULL default '', PRIMARY KEY (`Code`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 (eep! I only have access to the one column, yet I can see the structure of the entire table!) Suggested fix: a) Make error msgs consistent/safe b) And don't allow SHOW CREATE TABLE unless user has access to the whole table.