Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-2851

CAST Function displays contents of Masked column

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.4.5
    • Fix Version/s: 2.3.17, 2.4.7
    • Component/s: masking
    • Labels:
      None

      Description

      The CAST function allows one to see the contents of a masked column.

      Consider the following example where masking is set up to mask the column `SSN`.

      A normal SELECT of this column shows it masked:

      MariaDB [(none)]> SELECT SSN FROM employees.employees;
      +-------------+
      | SSN         |
      +-------------+
      | *********** |
      +-------------+
      

      And a SELECT using a function like CAT() shows it is properly blocked (with prevent_function_usage=1 (true), the default):

      MariaDB [(none)]> SELECT CAT(SSN) FROM employees.employees;
      ERROR 1141 (HY000): The function CAT is used in conjunction with a field that should be masked for 'root'@'::ffff:127.0.0.1', access is denied.
      

      However, when we use CAST, it returns the value:

      MariaDB [(none)]> SELECT CAST(SSN as CHAR) FROM employees.employees;
      +-------------------+
      | CAST(SSN as CHAR) |
      +-------------------+
      | 123-45-6789       |
      +-------------------+
      

        Attachments

          Activity

            People

            Assignee:
            johan.wikman Johan Wikman
            Reporter:
            ccalender Chris Calender
            Votes:
            2 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: