Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11152
HistoryJan 22, 2006 - 12:00 a.m.

MySQL 5.0 information leak?

2006-01-2200:00:00
vulners.com
7
JSON

Hi.

I just upgraded to mysql 5.0.18 and started using all those cool new
features. :)

But concerning VIEWs, I think the information_schema is too verbose to
the user. I started creating a VIEW that searches information from
several tables, mangles the data and gives the user a clean table with
his data. So far, so good.

But I only give the user access to this VIEW, so he cannot see what's
done to get his data from several tables.

SHOW CREATE VIEW myview;
does (correctly) result in an error that the user is not allowed to see
the CREATE VIEW.

But SELECT * FROM information_schema.views; returns the full query that
ceates the desired VIEW.

I think of this as a security issue because I have user accounts (nss)
that have publicly available credentials but noone should be able to
see how the database really is organized.

What do you think of this? Bug?

cu, Bernd


Windows Error 019: User error. It's not our fault. Is not! Is not!

JSON