> On 11.05.2018 18:01, Tatsuo Ishii wrote: >> Plus checking username is neccessary (otherwise any user could >> retrieve a cache for a table lookup which is not permitted by other >> users). > > as the tables a cached query operated on is known anyway -- it's > needed > to purge cache entries when table content changes -- schema and table > level SELECT privileges can be checked ... I'm not fully sure about > how MySQL handles its column level privileges in that respect, > something > I'd need to try out ...
I am not talking about cache invalidation. If a cache entry is created for a table which is only accessable by user A, the cache entry should be hit for only A, not someone else. Otherwise it will be a serious security problem. Best regards, -- Tatsuo Ishii SRA OSS, Inc. Japan English: http://www.sraoss.co.jp/index_en.php Japanese:http://www.sraoss.co.jp
