[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] mysql bug which gives users access to create databases etc.
- Subject: Re: [cobalt-users] mysql bug which gives users access to create databases etc.
- From: "roland" <roland@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon Sep 23 17:10:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> hi
> Can anyone else verify this.
> I came across a bug in Mysql
> $mysql -V
> mysql Ver 11.15 Distrib 3.23.37, for pc-linux-gnu (i686)
>
> if a user has an _ (underscore) in their username, then this user can
> modify (add,delete, select etc) i all databases where the username is
> the same as the user with the _ (it works as a wildcard).
>
> eg. user site_2 can access his own database db_2 but he can also access
> user site22's database db22.
> if the database doesnt exist, then the user can create it (both as
> user_2 and as any other userX2 - where X can be anything).
>
> Is this bug known and does it only apply to the Raq version of MySQL?
>
> --
> Kim Schulz - Freelance Development | When a fly lands on the ceiling,
> Email : kim @ schulz.dk | does it do a half roll or a half
> Tlf : 51904262 | loop?
>
> _____________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
MySQL 3.23.37 is very old, 3.23.52 is latest