RE: Bug report: Embedded MySQL version 4.05a

2002-12-11 Thread Henry Bequet
Hi Paul!
Thank you for the quick response. Indeed, we expect it to work
otherwise. In our application, users are authenticated by the operating
system, but we were hoping to use the built-in authorization of MySQL
instead of developing our own. Our strategy is to automatically add
users to MySQL as they are given to us by the OS and assign permissions
to tables using these users. Does that seem reasonable?
Thank you!
Henry.

-----Original Message-----
From: Paul DuBois [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 10, 2002 9:09 PM
To: Matt Solnit; Heikki Tuuri; [EMAIL PROTECTED]
Cc: Henry Bequet
Subject: Re: Bug report: Embedded MySQL version 4.05a

At 15:39 -0800 12/10/02, Matt Solnit wrote:
===
Bug report -- MySQL v4.05a, binary distribution
===

--
Machine specs:
--
Compaq Presario desktop
Windows XP Professional SP1
.NET Framework SP2


Problem description:

The security features of MySQL do not seem to work with Embedded MySQL.
Instead, every user is given full permissions.

Would you expect otherwise?  If you have the embedded server linked
into an application, it's expected that the application will have full
control over the server and can do anything with any of its databases.


-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php




Bug report: Embedded MySQL version 4.05a

2002-12-10 Thread Matt Solnit
===
Bug report -- MySQL v4.05a, binary distribution
===

--
Machine specs:
--
Compaq Presario desktop
Windows XP Professional SP1
.NET Framework SP2


Problem description:

The security features of MySQL do not seem to work with Embedded MySQL.
Instead, every user is given full permissions.

-
Setup script:
-
USE mysql
DELETE FROM user WHERE user='';
DELETE FROM user WHERE user='root' AND host!='localhost';

USE test
CREATE TABLE mytable (a int);
GRANT SELECT ON mytable TO joe@localhost;
GRANT USAGE ON mytable TO jay@localhost;

FLUSH PRIVILEGES;

--
Observed behavior:
--
Running the mysql.exe client, anonymous users cannot connect to the
database, user 'joe' has read-only access to the table test.mytable, and
user 'jay' has no privileges.

Running the mysql-server.exe host, all users have full privileges.

Additionally, the GRANT statement in mysql-server.exe returns error 1047
(Unknown command).

---
Possible cause:
---
The function acl_init(), which loads the ACLs for each user on startup,
includes a parameter, dont_read_acl_tables, that can be set to true to
skip this step.  The purpose of this parameter according to the comments
is to support the --skip-grant command-line option.  However, the
mysql_server_init() function hard-codes this parameter value to 1, so
the ACLs never get loaded and every access succeeds.

---
My contact information:
---
Matt Solnit [EMAIL PROTECTED]
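
The failure mode described under "Possible cause", as an added example that is not part of the original thread and is not MySQL source code: a simplified C model in which a loader flag skips reading the grant tables, after which every access check succeeds. The `model_*` names, the privilege bits and the grant rows are assumptions, constructed from the setup script in the report.

```c
/* Simplified model of the reported behaviour; NOT MySQL source code.
   All model_* names and PRIV_* bits are hypothetical. */
#include <stdio.h>
#include <string.h>

enum { PRIV_SELECT = 1, PRIV_INSERT = 2 };
struct grant { const char *user, *host, *table; unsigned privs; };

/* Constructed grant rows mirroring the setup script in the report. */
static const struct grant grant_rows[] = {
    { "joe", "localhost", "test.mytable", PRIV_SELECT }, /* GRANT SELECT */
    { "jay", "localhost", "test.mytable", 0 },           /* GRANT USAGE  */
};
static size_t acl_len;   /* number of grant rows loaded          */
static int acl_skipped;  /* 1 = grant tables were never read     */

/* Models a loader with a "don't read the ACL tables" switch. */
static void model_acl_init(int dont_read_acl_tables)
{
    acl_skipped = dont_read_acl_tables;
    acl_len = dont_read_acl_tables ? 0 : sizeof grant_rows / sizeof grant_rows[0];
}

/* Returns 1 if access is granted, 0 if denied. */
static int model_check_access(const char *user, const char *host,
                              const char *table, unsigned want)
{
    if (acl_skipped)
        return 1;        /* fail-open: no ACL loaded, nothing is refused */
    for (size_t i = 0; i < acl_len; i++)
        if (!strcmp(grant_rows[i].user, user) && !strcmp(grant_rows[i].host, host) &&
            !strcmp(grant_rows[i].table, table))
            return (grant_rows[i].privs & want) == want;
    return 0;            /* unknown account (e.g. anonymous): deny */
}

int main(void)
{
    const char *users[] = { "joe", "jay", "" }, *tbl = "test.mytable";
    for (int skip = 0; skip <= 1; skip++) {
        model_acl_init(skip);
        for (int u = 0; u < 3; u++)
            printf("skip=%d user='%s' SELECT=%d INSERT=%d\n", skip, users[u],
                   model_check_access(users[u], "localhost", tbl, PRIV_SELECT),
                   model_check_access(users[u], "localhost", tbl, PRIV_INSERT));
    }
    return 0;
}
```

With the flag set to 0 the model matches what the report observes through the mysql.exe client; with it set to 1 it matches what the report observes in the embedded host.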





Re: Bug report: Embedded MySQL version 4.05a

2002-12-10 Thread Paul DuBois
At 15:39 -0800 12/10/02, Matt Solnit wrote:

===
Bug report -- MySQL v4.05a, binary distribution
===

--
Machine specs:
--
Compaq Presario desktop
Windows XP Professional SP1
.NET Framework SP2


Problem description:

The security features of MySQL do not seem to work with Embedded MySQL.
Instead, every user is given full permissions.


Would you expect otherwise?  If you have the embedded server linked
into an application, it's expected that the application will have full
control over the server and can do anything with any of its databases.

