Hello Sergei,
Please review a patch that fixes the problem described in MDEV-7574.
The idea is that a SELECT from a view over a CONNECT table
now checks FILE privileges of the view definer
(unless CREATE VIEW states SQL SECURITY INVOKER).
It looks like a very good idea and gives more possible
Hi, Alexander!
On Feb 17, Alexander Barkov wrote:
>
> From what I understood, FILE_ACL is written (among the other
> privileges) into thd->security_ctx.privilege in
> TABLE_LIST::prepare_security(). In case of a DEFINER view,
> thd->security_ctx.privilege is filled exactly with the definer
> priv
Hi Sergei,
On 02/19/2015 07:12 PM, Sergei Golubchik wrote:
Hi, Alexander!
On Feb 17, Alexander Barkov wrote:
From what I understood, FILE_ACL is written (among the other
privileges) into thd->security_ctx.privilege in
TABLE_LIST::prepare_security(). In case of a DEFINER view,
thd->security_
Hi, Alexander!
On Feb 24, Alexander Barkov wrote:
>
> There is only one problem with that. In case of embedded server
> table->grant.privilege is always 0, because the embedded version
> of check_table_access() is just an empty function.
>
> This change in sql/handler.cc, in handler::ha_external
Hi Sergei,
Sorry for delay, I was busy with 10.1 issues.
Thanks for review. A new patch is attached.
This is a major rewrite since last time.
I think the code now looks much easier to understand.
Please see comments below.
On 04/29/2015 06:44 PM, Sergei Golubchik wrote:
Hi, Alexander!
On Feb
Hi, Alexander!
On Jul 24, Alexander Barkov wrote:
> Hi Sergei,
>
> Sorry for delay, I was busy with 10.1 issues.
That's perfectly fine. And even good - there's little sense to spend
time on 10.0 bugs when the next release in line is 10.1.
> Thanks for review. A new patch is attached.
> This is
Hi Sergei,
On 07/24/2015 10:55 PM, Sergei Golubchik wrote:
Hi, Alexander!
On Jul 24, Alexander Barkov wrote:
Hi Sergei,
Sorry for delay, I was busy with 10.1 issues.
That's perfectly fine. And even good - there's little sense to spend
time on 10.0 bugs when the next release in line is 10.1
Hi, Alexander!
On Jul 24, Alexander Barkov wrote:
> >> Thanks for review. A new patch is attached.
> >> This is a major rewrite since last time.
> >> I think the code now looks much easier to understand.
> >
> > Not really, I couldn't understand what you're trying to do this time :(
> > Besides it
Hi Sergei,
On 07/26/2015 02:13 AM, Sergei Golubchik wrote:
Hi, Alexander!
On Jul 24, Alexander Barkov wrote:
Thanks for review. A new patch is attached.
This is a major rewrite since last time.
I think the code now looks much easier to understand.
Not really, I couldn't understand what you'
Hi, Alexander!
On Jul 26, Alexander Barkov wrote:
> > + if (!table || !table->mdl_ticket || table->mdl_ticket->get_type() ==
> > MDL_EXCLUSIVE)
> > +return check_access(thd, FILE_ACL, db, NULL, NULL, 0, 0);
> > + if (table->grant.privilege & FILE_ACL)
> > +return false;
10 matches
Mail list logo