Details
- Bug
- Status: Closed
- Critical
- Resolution: Fixed
Description
The general problem isn't new, see MDEV-32500 for some other examples (if it's indeed a problem at all, it remains to be confirmed or not).
If it is a problem, it appears that it affects only some I_S views, so possibly it has to be fixed on a case-by-case basis; then it should definitely be fixed for new views before they are released. If, on the other hand, the fix is generic for all cases, then this issue can be closed as a duplicate of MDEV-32500.
```sql
create database db;
create table db.t (a int, b date, c date, f int, period for app(b,c), primary key(a, app without overlaps));

create user u@localhost;
grant select (f) on db.t to u@localhost;

--connect (con1,localhost,u,,db)

select period, start_column_name, end_column_name from information_schema.periods where table_name = 't';
select constraint_name, period_name from information_schema.key_period_usage where table_name = 't';

# Cleanup
--disconnect con1
--connection default
drop user u@localhost;
drop database db;
```
Actual result, bb-11.3-periods-schema 24018c74fae6e5a93b93c2efefd60bde4ad1488e

```
select period, start_column_name, end_column_name from information_schema.periods where table_name = 't';
period start_column_name end_column_name
app NULL NULL
select constraint_name, period_name from information_schema.key_period_usage where table_name = 't';
constraint_name period_name
PRIMARY app
```
Since the user isn't allowed to see the table structure or any columns involved in the period, I would expect both queries to return an empty set.
Issue Links
- is caused by: MDEV-22597 Add views for periods in information_schema (Closed)
- relates to: MDEV-32500 Information schema leaks table names and structure to unauthorized users (Closed)
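
An added example, not part of the original report or of MariaDB's code: a small Python model of the visibility check the report expects, run over the rows shown under "Actual result". The rule that a row counts as leaked when the user can see none of the columns it describes is an assumption, as are all function and variable names.

```python
# Constructed model of the reproduction on this page: schema facts and grants
# come from the test case, the result rows from the "Actual result" output.
PERIODS = {("db", "t", "app"): ("b", "c")}            # period for app(b,c)
KEY_PERIODS = {("db", "t", "PRIMARY"): ("a", "app")}  # primary key(a, app without overlaps)
COLUMN_GRANTS = {("u@localhost", "db", "t"): {"f"}}   # grant select (f) on db.t
TABLE_GRANTS = set()                                  # u has no table-level grant

def visible_columns(user, db, table):
    """Columns the user may see; None means a table-level grant (all columns)."""
    if (user, db, table) in TABLE_GRANTS:
        return None
    return COLUMN_GRANTS.get((user, db, table), set())

def period_columns(db, table, period):
    return set(PERIODS[(db, table, period)])

def constraint_columns(db, table, constraint):
    """Expand a key definition, replacing a period name by its two columns."""
    cols = set()
    for part in KEY_PERIODS[(db, table, constraint)]:
        if (db, table, part) in PERIODS:
            cols |= period_columns(db, table, part)
        else:
            cols.add(part)
    return cols

def leaked(user, db, table, needed):
    """Assumed rule: a row leaks if the user can see none of the columns it describes."""
    allowed = visible_columns(user, db, table)
    return allowed is not None and not (allowed & needed)

def audit(user, db, table, periods_rows, key_rows):
    """Return (view, name) for every returned row the user should not have seen."""
    findings = []
    for period, _start, _end in periods_rows:
        if leaked(user, db, table, period_columns(db, table, period)):
            findings.append(("periods", period))
    for constraint, _period in key_rows:
        if leaked(user, db, table, constraint_columns(db, table, constraint)):
            findings.append(("key_period_usage", constraint))
    return findings

# Rows returned to u@localhost in the "Actual result" section (NULL as None).
ACTUAL_PERIODS = [("app", None, None)]
ACTUAL_KEYS = [("PRIMARY", "app")]

if __name__ == "__main__":
    for view, name in audit("u@localhost", "db", "t", ACTUAL_PERIODS, ACTUAL_KEYS):
        print(f"information_schema.{view}: row '{name}' visible without column privileges")
```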