Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 2.4.5
- None
Description
The CAST function allows one to see the contents of a masked column.
Consider the following example where masking is set up to mask the column `SSN`.
A normal SELECT of this column shows it masked:
MariaDB [(none)]> SELECT SSN FROM employees.employees;
+-------------+
| SSN         |
+-------------+
| *********** |
+-------------+
And a SELECT using a function like CAT() shows it is properly blocked (with prevent_function_usage=1 (true), the default):
MariaDB [(none)]> SELECT CAT(SSN) FROM employees.employees;
ERROR 1141 (HY000): The function CAT is used in conjunction with a field that should be masked for 'root'@'::ffff:127.0.0.1', access is denied.
However, when we use CAST, it returns the value:
MariaDB [(none)]> SELECT CAST(SSN as CHAR) FROM employees.employees;
+-------------------+
| CAST(SSN as CHAR) |
+-------------------+
| 123-45-6789       |
+-------------------+
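A query-log audit heuristic for the pattern reported above, as an added example (not the masking filter's own code): it flags statements in which a masked column appears inside a function-like construct, which covers `CAST(SSN AS CHAR)` as well as ordinary calls. The function name `masked_in_function`, the keyword list and the sample statements are assumptions made for illustration.

```python
import re

# Strings are matched so they can be skipped; identifiers and parens drive the scan.
TOKEN = re.compile(r"""
    '(?:[^'\\]|\\.|'')*'                  # single-quoted string literal
  | "(?:[^"\\]|\\.|"")*"                  # double-quoted string literal
  | `(?P<bq>[^`]+)`                       # backtick-quoted identifier
  | (?P<id>[A-Za-z_][A-Za-z0-9_$]*)       # bare identifier or keyword
  | (?P<paren>[()])
""", re.VERBOSE)

# Keywords that can precede "(" without being a function call (partial list, assumption).
NOT_FUNCTIONS = {"FROM", "JOIN", "IN", "AS", "ON", "WHERE", "AND", "OR", "NOT",
                 "SELECT", "EXISTS", "VALUES", "UNION", "ALL", "ANY", "BY"}

def masked_in_function(sql, masked_columns):
    """Return sorted (FUNCTION, column) pairs where a masked column is
    referenced inside the parentheses of a function-like construct."""
    masked = {c.lower() for c in masked_columns}
    stack = []        # one entry per open paren: enclosing function name or None
    prev = None       # (name, end offset) of the last bare identifier
    hits = set()
    for m in TOKEN.finditer(sql):
        if m.group("paren") == "(":
            func = None
            # Only an identifier directly before "(" (whitespace allowed) names a function.
            if prev and not sql[prev[1]:m.start()].strip():
                if prev[0].upper() not in NOT_FUNCTIONS:
                    func = prev[0].upper()
            stack.append(func)
        elif m.group("paren") == ")":
            if stack:
                stack.pop()
        else:
            name = m.group("bq") or m.group("id")
            if name and name.lower() in masked:
                hits.update((f, name) for f in stack if f)
        prev = (m.group("id"), m.end()) if m.group("id") else None
    return sorted(hits)

# Constructed sample statements; the first three mirror the queries in the report.
SAMPLES = [
    "SELECT SSN FROM employees.employees",
    "SELECT CAT(SSN) FROM employees.employees",
    "SELECT CAST(SSN as CHAR) FROM employees.employees",
]
FLAGGED = [q for q in SAMPLES if masked_in_function(q, ["SSN"])]
```

Run against a general or proxy query log, a hit on a release that predates the fix marks a statement whose result may have contained unmasked values.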