https://bugzilla.wikimedia.org/show_bug.cgi?id=48875
MZMcBride <b...@mzmcbride.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sprin...@wikimedia.org
--- Comment #8 from MZMcBride <b...@mzmcbride.com> ---
(In reply to comment #7)
Thank you for doing this research.
> It references a private (ugh) bug, but from the commit summary and comments
> added in the patch it seems that the "problem" being fixed there is that
> allowing EXPLAIN with only SHOW VIEW on the view was allowing people to get
> an estimate of how many rows were in the underlying table. Oh noes!
>
> That patch also points us right at the bit of code that would need to be
> changed if someone wants to try getting the MariaDB people to change this.
Copying Sean P. on this bug as he may be interested in pursuing this.
Getting MariaDB to fix this behavior would be nice if it's just a matter of
"leaking" row count info. We could also run our own MariaDB fork (if we're not
already), but given the Labs data leak... there's probably some understandable
wariness to mucking around with this particular code. :-) I believe Wikimedia
now has additional protections in place to avoid a repeat, even if the views
break and users can perform unfiltered SELECTs.
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
