1. 26 May, 2006 2 commits
    • gkodinov@mysql.com's avatar
      Merge mysql.com:/home/kgeorge/mysql/5.0/clean · 7552d8d9
      gkodinov@mysql.com authored
      into  mysql.com:/home/kgeorge/mysql/5.0/B18681
      7552d8d9
    • gkodinov@mysql.com's avatar
      BUG#18681: View privileges are broken · a21a2b5b
      gkodinov@mysql.com authored
      The check for view security was lacking several points :
      1. Check with the right set of permissions : for each table ref that
      participates in a view there were the right credentials to use in it's
      security_ctx member, but these weren't used for checking the credentials.
      This makes hard enforcing the SQL SECURITY DEFINER|INVOKER property
      consistently.
      2. Because of the above the security checking for views was just ruled out
      in explicit ways in several places.
      3. The security was checked only for the columns of the tables that are
      brought into the query from a view. So if there is no column reference
      outside of the view definition it was not detecting the lack of access to
      the tables in the view in SQL SECURITY INVOKER mode.
      
      The fix below tries to fix the above 3 points.
      a21a2b5b
  2. 25 May, 2006 5 commits
  3. 24 May, 2006 12 commits
  4. 23 May, 2006 16 commits
  5. 22 May, 2006 5 commits