===============================================
Bug report -- MySQL v4.05a, binary distribution
===============================================
--------------
Machine specs:
--------------
Compaq Presario desktop
Windows XP Professional SP1
.NET Framework SP2
--------------------
Problem description:
--------------------
The security features of MySQL do not seem to work with Embedded MySQL.
Instead, every user is given full permissions.
-------------
Setup script:
-------------
USE mysql
DELETE FROM user WHERE user='';
DELETE FROM user WHERE user='root' AND host!='localhost';
USE test
CREATE TABLE mytable (a int);
GRANT SELECT ON mytable TO joe@localhost;
GRANT USAGE ON mytable TO jay@localhost;
FLUSH PRIVILEGES;
------------------
Observed behavior:
------------------
Running the mysql.exe client, anonymous users cannot connect to the
database, user 'joe' has read-only access to the table test.mytable, and
user 'jay' as no privileges.
Running the mysql-server.exe host, all users have full privileges.
Additionally, the GRANT statement in mysql-server.exe returns error 1047
("Unknown command").
---------------
Possible cause:
---------------
The function acl_init() which loads the ACL's for each user on startup,
includes a parameter, dont_read_acl_tables, that can be set to true to
skip this step. The purpose of this parameter according to the comments
is to support the --skip-grant command-line option. However, the
mysql_server_init() function hard-codes this parameter value to 1, so
the ACL's never get loaded and every access succeeds.
-----------------------
My contact information:
-----------------------
Matt Solnit <[EMAIL PROTECTED]>
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
