
maria-developers team mailing list archive

Re: c48b190824a: Fixed error messages from DROP VIEW to align with DROP TABLE

 

Hi!

On Sat, Jun 13, 2020 at 5:37 PM Sergei Golubchik <serg@xxxxxxxxxxx> wrote:

<cut>

> >  DROP VIEW IF EXISTS t1;
> >  Warnings:
> > +Warning      1347    'test.t1' is not of type 'VIEW'
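Review bot: the added `+Warning 1347 'test.t1' is not of type 'VIEW'` line under DROP VIEW IF EXISTS tells the caller that an object named test.t1 exists and is not a view, and the visible expected output only covers a session that gets this warning. Pair it with the same statement run by a user who has no privileges on test.t1, so the result file records that this path returns an access error and not this warning.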
>
> please, add a test for the case when a user has no privileges on
> test.t1, the object existence is not leaked out (if one has no
> privileges to know whether t1 exists or whether t1 is a view or a table,
> the error message should not divulge it).
>
> (the same for tables and for sequences in your next commit)

I was about to create a test to do that, but then I started to think that
we only have a drop privilege that works for 'anything with this name'.
This means that if one is allowed to drop a view named 't1', one is also
allowed to drop a table named t1.

This also means that I don't know what to add to the test. The
privileges are checked first, and if one tries to drop an object that
one is not allowed to access, one will get an error before the DROP VIEW
code is executed.
When in DROP, either DROP SEQUENCES, DROP VIEW or DROP TABLE, no
privilege checking is made.
This means that a user can always find out if there is an object of a
certain type by executing one of the above drops.
In other words, there is nothing to hide in DROP VIEW that the user
can't find out anyway.

Regards,
Monty

