Trafodion

Anyone can perform a SHOWDDL USER command

Bug #1414234 reported by Roberta Marton on 2015-01-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Trafodion	Fix Released	High	Cliff Gray	Trafodion r1.1

Anyone can perform the following SHOWDDL commands even if they have no privileges:

SHOWDDL COMPONENT
SHOWDDL FUNCTION
SHOWDDL PROCEDURE
SHOWDDL ROLE
SHOWDDL SCHEMA
SHOWDDL SEQUENCE
SHOWDDL USER

Only users that have the appropriate privilege should be able to execute the command.

Also, support for SHOWDDL LIBRARY is missing.

Tags:

Roberta Marton (roberta-marton) on 2015-01-23

Changed in trafodion:
assignee:	nobody → Roberta Marton (roberta-marton)
importance:	Undecided → High
milestone:	none → r1.1
tags:	added: sql-security

Cliff Gray (cliff-gray) on 2015-01-26

Changed in trafodion:
assignee:	Roberta Marton (roberta-marton) → Cliff Gray (cliff-gray)

Cliff Gray (cliff-gray) on 2015-02-10

Changed in trafodion:
status:	New → In Progress

Revision history for this message

Paul Low (paul-low-x) wrote on 2015-03-03:

Found an issue while verifying this fix. See Bug #1427869.

Revision history for this message

Cliff Gray (cliff-gray) wrote on 2015-03-13:

Bug 1427869 fixed, this bug now complete as of change 1296.

Changed in trafodion:
status:	In Progress → Fix Committed

Revision history for this message

Paul Low (paul-low-x) wrote on 2015-03-31:

verified on 0327 build

Changed in trafodion:
status:	Fix Committed → Fix Released

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Bug watches keep track of this bug in other bug trackers.