wescale
wescale copied to clipboard
Published
20 hours ago •
wesql
wesql
Bug Report: vttablet did not verify the permission of create
Overview of the Issue
We are creating a new user with limited permissions, specifically allowing the use of the CREATE statement while not granting any additional permissions.
Reproduction Steps
create user in primary mysql
➜ ~ mysql -uroot -h127.0.0.1 -P17101
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2507
Server version: 8.0.33 Homebrew
Copyright (c) 2000, 2023, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create user 'test1'@'localhost' identified with caching_sha2_password by 'password';
Query OK, 0 rows affected (0.00 sec)
login through vtgate
➜ ~ mysql -utest1 -ppassword
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 8.0.30-Vitess Version: 16.0.0 (Git revision branch '') built on by @ using go1.20.4 darwin/arm64
Copyright (c) 2000, 2023, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database test1_database;
Query OK, 1 row affected (0.07 sec)
Binary Version
No response
Operating System and Environment details
No response
Log Fragments
No response
