User with access to single database can use any test_xxxx database.
MySQL Version: 5.5.18-log
A user created with access to a single database has access to ANY database that starts with test (e.g. test_mydatabase) even though no specific permissions were give to them.
How to Replicate:
1) create a test_database.
2) create a user specific database (e.g. myuser_database).
3) create a new user (newuser) with access to ONLY database myuser_database.
4) login as newuser.
5) show databases.
6) use test_database
7) create a table to prove point.
Log:
=====
root@localhost [(none)] > create database myuser_database;
Query OK, 1 row affected (0.04 sec)
root@localhost [(none)] > grant all on myuser_database.* to newuser@'localhost' identified by 'testpassword';
Query OK, 0 rows affected (0.01 sec)
root@localhost [(none)] > \q
Bye
[root]# mysql -unewuser -ptestpassword
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 206415
Server version: 5.5.18-log MySQL Community Server (GPL)
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
newuser@localhost [(none)] > show databases;
+---------------------+
| Database |
+---------------------+
| information_schema |
| myuser_database |
| test |
| test_database |
+---------------------+
5 rows in set (0.00 sec)
newuser@localhost [(none)] > use test_database;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
newuser@localhost [test_database] > create table provemy_point (myint int, myvarchar varchar(100)) engine=innodb;
Query OK, 0 rows affected (0.02 sec)
newuser@localhost [test_database] > show tables like 'prove%';
+--------------------------------------+
| Tables_in_test_database (prove%) |
+--------------------------------------+
| provemy_point |
+--------------------------------------+
1 row in set (0.00 sec)
newuser@localhost [test_database] > insert into provemy_point values (100,'see how this works?');
Query OK, 1 row affected (0.00 sec)
newuser@localhost [test_database] > insert into provemy_point values (101,'even though i dont have permissions');
Query OK, 1 row affected, 1 warning (0.00 sec)
newuser@localhost [test_database] > insert into provemy_point values (102,'i can still do what i want here.'); Query OK, 1 row affected, 1 warning (0.00 sec)
newuser@localhost [test_database] > select * from provemy_point;
+-------+-------------------------------------+
| myint | myvarchar |
+-------+-------------------------------------+
| 100 | see how this works? |
| 101 | even though i dont have permissions |
| 102 | i can still do what i want here. |
+-------+-------------------------------------+
3 rows in set (0.00 sec)
Does anyone have a reason why this should happen? Surely it is a bug?
All feedback appreciated.
Regards
Clive
Subject
Views
Written By
Posted
User with access to single database can use any test_xxxx database.
3060
October 07, 2012 02:48PM
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.