Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-2851

CAST Function displays contents of Masked column

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 2.4.5
    • 2.3.17, 2.4.7
    • masking
    • None

    Description

      The CAST function allows one to see the contents of a masked column.

      Consider the following example where masking is set up to mask the column `SSN`.

      A normal SELECT of this column shows it masked:

      MariaDB [(none)]> SELECT SSN FROM employees.employees;
      +-------------+
      | SSN         |
      +-------------+
      | *********** |
      +-------------+
      

      And a SELECT using a function like CAT() shows it is properly blocked (with prevent_function_usage=1 (true), the default):

      MariaDB [(none)]> SELECT CAT(SSN) FROM employees.employees;
      ERROR 1141 (HY000): The function CAT is used in conjunction with a field that should be masked for 'root'@'::ffff:127.0.0.1', access is denied.
      

      However, when we use CAST, it returns the value:

      MariaDB [(none)]> SELECT CAST(SSN as CHAR) FROM employees.employees;
      +-------------------+
      | CAST(SSN as CHAR) |
      +-------------------+
      | 123-45-6789       |
      +-------------------+
      

      Attachments

        Activity

          People

            johan.wikman Johan Wikman
            ccalender Chris Calender (Inactive)
            Votes:
            2 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.