Anyone can perform a SHOWDDL USER command
Bug #1414234 reported by
Roberta Marton
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Trafodion |
Fix Released
|
High
|
Cliff Gray |
Bug Description
Anyone can perform the following SHOWDDL commands even if they have no privileges:
SHOWDDL COMPONENT
SHOWDDL FUNCTION
SHOWDDL PROCEDURE
SHOWDDL ROLE
SHOWDDL SCHEMA
SHOWDDL SEQUENCE
SHOWDDL USER
Only users that have the appropriate privilege should be able to execute the command.
Also, support for SHOWDDL LIBRARY is missing.
Changed in trafodion: | |
assignee: | nobody → Roberta Marton (roberta-marton) |
importance: | Undecided → High |
milestone: | none → r1.1 |
tags: | added: sql-security |
Changed in trafodion: | |
assignee: | Roberta Marton (roberta-marton) → Cliff Gray (cliff-gray) |
Changed in trafodion: | |
status: | New → In Progress |
To post a comment you must log in.
Found an issue while verifying this fix. See Bug #1427869.