This is not a bug. Mysql uses _ as the single-character wildcard, and % as
the multi-character wildcard in pattern matches. This is clearly explained in
the manual <http://dev.mysql.com/doc/mysql/en/grant.html>:
Note: the '_' and '%' wildcards are allowed when specifying database
names in GRANT statements that grant privileges at the global or database
levels. This means, for example, that if you want to use a '_' character
as part of a database name, you should specify it as '\_' in the GRANT
statement, to prevent the user from being able to access additional
databases matching the wildcard pattern; for example, GRANT ... ON
`foo\_bar`.* TO ....
Michael
John Trammell wrote:
I recall seeing this "feature" discussed on Bugtraq a few weeks ago.
IIRC there are updated MySQL versions that fix this bug. What version
of MySQL are you running?
-----Original Message-----
From: Jeroen Bosch [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 29, 2005 6:59 AM
To: mysql@lists.mysql.com
Subject: Underscore functions as a wildcard ?
We stumbled upon the following 'feature' of MySQL:
If, for example user 'x' has a database called 'user_data' he
is able to
create a table called user2data and so on without create privileges.
It looks like the underscore is used as some kind of
wildcard, now is the
question: is this correct or is this something that should not be?
Kind regards,
Jeroen Bosch
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
