[MDEV-6382] ANALYZE $stmt and security - Jira

XML

Word

Printable

Details

Type: Task
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Fix Version/s: 10.1.4
Component/s: Optimizer
Labels:
- analyze-stmt

Description

(filing this based on discussion with Sanja)

EXPLAIN has a special relationship with security. EXPLAIN over query with
VIEWs will expose information about the structure of the VIEWs. Because of this, EXPLAIN checks SHOW_VIEW_ACL for every view it opens (code-wise, this is done in open_table)

ANALYZE-statement produces EXPLAIN output, so it should require the same permissions. It needs to also require permissions that are needed for execution.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

mdev6382_after.test
167 kB
2014-11-14 14:48
mdev6382_before.test
186 kB
2014-11-14 14:48

Issue Links

relates to

MDEV-6388 ANALYZE $stmt output in the slow query log

Closed

MDEV-7025 ANALYZE SELECT/INSERT/UPDATE/DELETE from a view does not check access permissions on the underlying table

Closed

MDEV-7027 ANALYZE SELECT/INSERT/UPDATE/DELETE from a view does not check SHOW permission on the view

Closed

MDEV-406 ANALYZE $stmt

Closed

Activity

People

Assignee:: Sergei Petrunia

Reporter:: Sergei Petrunia

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2014-06-25 09:57

Updated:: 2015-04-09 16:47

Resolved:: 2015-04-09 16:47

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.