Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.0, 10.1, 10.2, 10.3
-
None
Description
DROP DATABASE IF EXISTS `a`; |
DROP DATABASE IF EXISTS `a.b`; |
CREATE DATABASE `a.b`; |
CREATE FUNCTION `a.b`.`c`() RETURNS INT RETURN 10; |
SELECT `a.b`.`c`(), `a`.`b.c`(); |
+-------------+-------------+
|
| `a.b`.`c`() | `a`.`b.c`() |
|
+-------------+-------------+
|
| 10 | 10 |
|
+-------------+-------------+
|
Notice, the function is accessible with two names:
- Database `a.b` function `c`
- Database `a` function `b.c`
The function created as `a.b`.`c`() should not be available as `a`.`b.c`().
Looks like a potential security hole.