Details
-
Task
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Won't Do
-
None
Description
It's not a bug from the coding perspective, but possibly a specification one, or at least a point for consideration.
When server_audit_excl_users or server_audit_incl_users are configured, they (as other variables) are visible to any database user, even the least privileged ones. Thus a user gets access to other users' login names and audit settings which is probably not a good idea in production.
At the moment I don't have any suggestions on how to make it better, I'm not sure if there are any mechanisms to hide a system variable contents from a user.