GRANT privileges should check for db.table existence

GRANT privileges should check for db.table existence

am 27.05.2009 02:38:11 von Daevid Vincent

I'm a little concerned and disappointed that the GRANT command doesn't do
any sort of checking (like a foreign key for example) to verify that the
database and table exist?!

I get the case of *.* but it seems crazy to me that it would allow foo.bar
when neither a database named 'foo' nor a table named 'bar' even exist?!?!

Clearly the GRANT command is a special case/tool that should have this
ability and throw an error or prevent this.

If for some reason, this blind insertion is needed for some flexibility say
with temporary tables or something that doesn't exist, then perhaps that
should be a switch/parameter to the command to 'over-ride' the checking and
allow the GRANT (after all, it's just an insert/update/delete statement when
it all boils down to the mysql.user table). In fact, that COULD be the way
these "special case people" get around using GRANT, just insert what they
want directly into mysql.user,host,table, etc. and FLUSH PRIVILEGES.


--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=gcdmg-mysql-2@m.gmane.org

Re: GRANT privileges should check for db.table existence

am 27.05.2009 07:51:04 von Johan De Meersman

--001636c5bf44d383d1046ade6ddf
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

*shrugs* I, for one, appreciate a tool that doesn't try to be smarter than I
am. If I want to be treated like an idiot, I'll use microsoft software.


On Wed, May 27, 2009 at 2:38 AM, Daevid Vincent wrote:

> I'm a little concerned and disappointed that the GRANT command doesn't do
> any sort of checking (like a foreign key for example) to verify that the
> database and table exist?!
>
> I get the case of *.* but it seems crazy to me that it would allow foo.bar
> when neither a database named 'foo' nor a table named 'bar' even exist?!?!
>
> Clearly the GRANT command is a special case/tool that should have this
> ability and throw an error or prevent this.
>
> If for some reason, this blind insertion is needed for some flexibility say
> with temporary tables or something that doesn't exist, then perhaps that
> should be a switch/parameter to the command to 'over-ride' the checking and
> allow the GRANT (after all, it's just an insert/update/delete statement
> when
> it all boils down to the mysql.user table). In fact, that COULD be the way
> these "special case people" get around using GRANT, just insert what they
> want directly into mysql.user,host,table, etc. and FLUSH PRIVILEGES.
>
>
> --
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe: http://lists.mysql.com/mysql?unsub=vegivamp@tuxera.be
>
>


--
Celsius is based on water temperature.
Fahrenheit is based on alcohol temperature.
Ergo, Fahrenheit is better than Celsius. QED.

--001636c5bf44d383d1046ade6ddf--