Re: MySQL 5.0 information leak?

To: Bernd Wurst <bernd@xxxxxxxxxx>
Subject: Re: MySQL 5.0 information leak?
From: Stephen Frost <sfrost@xxxxxxxxxxx>
Date: Fri, 20 Jan 2006 19:30:57 -0500
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <200601201305.04525@xxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mail-followup-to: Bernd Wurst <bernd@xxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <200601201305.04525@xxxxxxxxxx>
User-agent: Mutt/1.5.9i

* Bernd Wurst (bernd@xxxxxxxxxx) wrote:
> I think of this as a security issue because I have user accounts (nss) 
> that have publicly available credentials but noone should be able to 
> see how the database really is organized. 
> 
> What do you think of this? Bug?

Probably not but the answer you seek is in the SQL specification.
Information Schema is defined there and it also defines what is allowed
to be seen and by whom.  Wanting to hide the database layout from the
users of the database in this way seems quite... confused.

        Thanks,

                Stephen

Attachment: signature.asc
Description: Digital signature

References:
- MySQL 5.0 information leak?
  - From: Bernd Wurst

Prev by Date: CodeCon program announced, early registration deadline nearing
Next by Date: [USN-245-1] KDE library vulnerability
Previous by thread: Re: MySQL 5.0 information leak?
Next by thread: Re: MySQL 5.0 information leak?
Index(es):
- Date
- Thread