what is so bad at seeing the table structure? i mean to work with the table, you need to know the fields and their types to avoid syntax errors. and what should happen on a SELECT * FROM...? do you want to see nothing, because it would let the user know about the structure, or all fields, as normal? or what about sql admin progs like phpmyadmin? i think they rely on getting all the fields to show a table.
i've heard about table views in mysql 5. would that already be a solution for that? -yves -----Ursprüngliche Nachricht----- Von: "Rudy Metzger" <[EMAIL PROTECTED]> An: <[EMAIL PROTECTED]> Gesendet: Montag, 4. August 2003 14:50 Betreff: RE: Security related! Not possible to hide table structure. I couldn't find..... ? If you give access rights to a user on a DB, he will always be able to see the table structure. This is how it is implemented in MySQL (which does not mean that I like this). Cheers /rudy -----Original Message----- From: QWERTY [mailto:[EMAIL PROTECTED] Sent: maandag 4 augustus 2003 14:47 To: [EMAIL PROTECTED] Subject: Security related! Not possible to hide table structure. I couldn't find..... ? Hello, Think that we have a database named DATABASE1, and table named TABLE1, and fields named FIELD1, FIELD1,FIELD2,FIELD3,FIELD4 You want to give a specific permission to a user named USER1 For ex, you give only SELECT permission to USER1 for FIELD1 and FIELD4 in TABLE1 and DATABASE1. and you did not assign any other permission to USER1. Now everything is OK! USER1 can only select FIELD1 and FIELD4, and can not see data or change or etc.. to FIELD2 or FIELD3.. So we think that everything is OK! But, USER1 is still able to see the table structure of TABLE1. He see fields which i don't want him to see! As i searched internet related to this topic i couldn't find any satistfactory solution to this one. Anyone has idea to prevent USER1 to be able to see table structure and only permission to SELECT FIELD1 and FIELD4 as i assigned? Also there should be some default error message for these users when they try to select from another field. why? Because if my first question gets answered and solved, then, USER1 can try to SELECT FIELD3 FROM TABLE1.. .and it will say something like "you have no permission for FIELD3" insted of this, it can be "This field does not exist".. Thanks. QWERTY ____________________________________________________ <http://www.incredimail.com/redir.asp?ad_id=309&lang=9> IncrediMail - Email has finally evolved - Click Here <http://www.incredimail.com/redir.asp?ad_id=309&lang=9> -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
