trino icon indicating copy to clipboard operation
trino copied to clipboard

Published 20 hours ago verified publisher icon trinodb

Check catalog & schema access in USE statement

Open huberty89 opened this issue 2 years ago • 0 comments

Description

This PR add checks if user has an access to catalog and schema in USE statement.

Related issues, pull requests, and links

  • Fixes https://github.com/trinodb/trino/issues/14208

Non-technical explanation

USE statement could be used to guess the catalogs and schemas names that the user has no access to.

Release notes

( ) This is not user-visible or docs only and no release notes are required. ( ) Release notes are required, please propose a release note for me. (x) Release notes are required, with the following suggested text:

# Security
* Fix USE statement which leaks names of catalogs and schemas that the user has no access to. ({issue}`14208`)

huberty89 avatar Sep 20 '22 07:09 huberty89