database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-12-24 11:21:21 +03:00
Code Activity

Bug#45412 SHOW CREATE TRIGGER does not require privileges to disclose trigger data

Browse Source 
Added privilege checking to SHOW CREATE TRIGGER code.
This commit is contained in:
Sergey Glukhov
2009-06-25 15:52:50 +05:00
parent f3f137d82c
commit 3393fdf80a
3 changed files with 43 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
mysql-test/r/trigger_notembedded.result
View File

@@ -462,4 +462,18 @@ unlock tables;
select * from t1;
i
drop table t1;
CREATE DATABASE db1;
CREATE TABLE db1.t1 (a char(30)) ENGINE=MEMORY;
CREATE TRIGGER db1.trg AFTER INSERT ON db1.t1 FOR EACH ROW
INSERT INTO db1.t1 VALUES('Some very sensitive data goes here');
CREATE USER 'no_rights'@'localhost';
REVOKE ALL ON *.* FROM 'no_rights'@'localhost';
FLUSH PRIVILEGES;
SELECT trigger_name FROM INFORMATION_SCHEMA.TRIGGERS
WHERE trigger_schema = 'db1';
trigger_name
SHOW CREATE TRIGGER db1.trg;
ERROR 42000: Access denied; you need the TRIGGER privilege for this operation
DROP USER 'no_rights'@'localhost';
DROP DATABASE db1;
End of 5.1 tests.