SecurityFocus

MySQL 5.0 information leak? Jan 20 2006 12:05PM
Bernd Wurst (bernd bwurst org) (2 replies)

RE: MySQL 5.0 information leak? Jan 21 2006 02:17AM
Burton Strauss (Security SmallNetSolutions com) (1 replies)

Re: MySQL 5.0 information leak? Jan 24 2006 11:09AM
Johan De Meersman (jdm operamail com)

Re: MySQL 5.0 information leak? Jan 21 2006 12:30AM
Stephen Frost (sfrost snowman net)

* Bernd Wurst (bernd (at) bwurst (dot) org [email concealed]) wrote:
> I think of this as a security issue because I have user accounts (nss)
> that have publicly available credentials but noone should be able to
> see how the database really is organized.
>
> What do you think of this? Bug?

Probably not but the answer you seek is in the SQL specification.
Information Schema is defined there and it also defines what is allowed
to be seen and by whom. Wanting to hide the database layout from the
users of the database in this way seems quite... confused.

Thanks,

Stephen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD0YDArzgMPqB3kigRAntcAJ9FvEoL9ZPgXInIDrh0C9oWzjpYnQCeLCDK
RgS6zLodxd1NkqG7o6czKWo=
=nAfc
-----END PGP SIGNATURE-----

[ reply ]