Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 2.1.6
- None
- CentOS 7.2
Description
The change database command, as issued by the "use" command from the command line or by the mysql_select_db() call, is not allowed unless there is a rule that matches the specific name of the database, when using dbfwfilter. One can connect to any database, that is not the problem, but changing the database in the middle of the session requires that there is a rule that allows that specific database. The SQL command that is parsed seems to be just the name of the database. For example, to allow use of the "use test" command to change to the "test" database, a rule similar to this is required:
rule allow_test deny regex '^test$'
This does not really make sense, as you can still connect to any database that the user has access to by specifying that when connecting; it is only when changing database that this rule makes any sense.
I would suggest that mysql_select_db() is instead mapped to the string "use <database name>", which would make a lot more sense. Alternatively, this could be ignored and database access handled by the database server.
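The behaviour reported above and the suggested mapping, modelled as an added example (not MaxScale or dbfwfilter code). It relies on the MySQL protocol fact that mysql_select_db() sends a COM_INIT_DB packet whose payload is only the schema name; the function names, the `map_init_db` switch and the sample packets are assumptions constructed for illustration.

```python
import re
import struct

COM_INIT_DB = 0x02  # sent by mysql_select_db(); payload is the schema name only
COM_QUERY = 0x03    # payload is the SQL text

def build_packet(command, body, seq=0):
    """Frame a MySQL command packet: 3-byte LE length, sequence id, payload."""
    payload = bytes([command]) + body.encode("utf-8")
    return struct.pack("<I", len(payload))[:3] + bytes([seq]) + payload

def text_for_rules(packet, map_init_db=False):
    """Return the string a regex rule would be matched against (hypothetical helper).

    map_init_db=False models the behaviour reported in the issue (bare name);
    map_init_db=True models the suggested mapping to "use <database name>".
    """
    if len(packet) < 5:
        raise ValueError("truncated packet")
    length = int.from_bytes(packet[:3], "little")
    payload = packet[4:4 + length]
    if length < 1 or len(payload) != length:
        raise ValueError("payload does not match declared length")
    command, body = payload[0], payload[1:].decode("utf-8", "replace")
    if command == COM_INIT_DB and map_init_db:
        return "use " + body
    if command in (COM_INIT_DB, COM_QUERY):
        return body
    raise ValueError("command 0x%02x not modelled" % command)

def rule_matches(pattern, packet, map_init_db=False):
    """True if the rule's regex matches the text derived from the packet."""
    return re.search(pattern, text_for_rules(packet, map_init_db)) is not None

if __name__ == "__main__":
    select_db = build_packet(COM_INIT_DB, "test")  # constructed sample
    query = build_packet(COM_QUERY, "use test")    # constructed sample
    for name, pkt in (("COM_INIT_DB", select_db), ("COM_QUERY", query)):
        for mapped in (False, True):
            print(name, "mapped" if mapped else "raw",
                  repr(text_for_rules(pkt, mapped)),
                  rule_matches(r"^test$", pkt, mapped),
                  rule_matches(r"^use\s+test$", pkt, mapped))
```

With the mapping enabled, one `use`-anchored pattern covers both the packet-level database change and a textual `use test` query, so the bare-name rule is no longer needed.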