Bug#17254: Error for DEFINER security on VIEW provides too much info
If a view was created with the DEFINER security and later the definer user was dropped then a SELECT from the view throws the error message saying that there is no definer user is registered. This is ok for a root but too much for a mere user. Now the st_table_list::prepare_view_securety_context() function reveals the absence of the definer only to a superuser and throws the 'access denied' error to others. mysql-test/t/view_grant.test: Added a test case for bug#17254: Error for DEFINER security on VIEW provides too much info mysql-test/r/view_grant.result: Added a test case for bug#17254: Error for DEFINER security on VIEW provides too much info sql/table.cc: Bug#17254: Error for DEFINER security on VIEW provides too much info Now the st_table_list::prepare_view_securety_context() function reveals the absence of the definer only to a superuser and throws the 'access denied' error to others.
Showing
Please register or sign in to comment