non-priviledged user can insert and update rdb$database
-------------------------------------------------------
Key: CORE-4359
URL: http://tracker.firebirdsql.org/browse/CORE-4359
Project: Firebird Core
Issue Type: Bug
Affects Versions: 3.0 Alpha 2, 3.0 Alpha 1, 2.5.2 Update 1, 2.1.5 Update 1,
2.5.2, 2.1.5, 2.5.1, 2.1.4, 2.5.0, 2.1.3, 2.1.2, 2.1.1, 2.1.0, 2.5.3, 2.1.6
Reporter: Simonov Denis
SQL> connect 'localhost:test' user 'sysdba' password 'masterkey';
Database: 'localhost:test', User: sysdba
SQL> create user bob password 'bob';
SQL> connect 'localhost:test' user 'bob' password 'bob';
Commit current transaction (y/n)?y
Committing.
Database: 'localhost:test', User: bob
SQL> insert into rdb$database(rdb$security_class) values(''); <-- Why?
SQL> commit;
SQL> select count(*) from rdb$database;
COUNT
=====================
2
SQL> delete from rdb$database;
Statement failed, SQLSTATE = 42000 <!-- OK
DELETE operation is not allowed for system table RDB$DATABASE
SQL> update rdb$database set rdb$security_class = null; <-- Why
SQL> commit;
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works.
Faster operations. Version large binaries. Built-in WAN optimization and the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
