[Firebird-devel] [FB-Tracker] Created: (CORE-3681) user without any rights can delete sequences, c

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

user without any rights can delete sequences, collations and even triggers with rdb$system_flag=0
-------------------------------------------------------------------------------------------------

                 Key: CORE-3681
                 URL: http://tracker.firebirdsql.org/browse/CORE-3681
             Project: Firebird Core
          Issue Type: Bug
            Reporter: Pavel Zotov

C:\1INSTALL\FIREBIRD\FB25>isql -n TCHK.FDB -user sysdba -pas masterke
Database:  TCHK.FDB, User: sysdba
SQL> create sequence gen_tns; commit;
SQL> create collation ns_coll for utf8 from unicode 'NUMERIC-SORT=1'; commit;
SQL> create user tu0 password 'tu0'; commit;
SQL> connect tchk.fdb user tu0 password tu0;
Database:  tchk.fdb, User: tu0 ------------------- since that point we are connected without any rights
SQL> delete from rdb$generators where rdb$system_flag=0;
SQL> commit; -- passed! why ??
SQL> delete from rdb$collations where rdb$system_flag=0;
SQL> commit; -- passed! why ??
SQL> delete from rdb$triggers where rdb$system_flag=0;
SQL> commit; -- passed! why ??

SQL> update rdb$indices set rdb$index_inactive=3 where rdb$system_flag=0;
Statement failed, SQLSTATE = 28000
no permission for control access to TABLE TNS -- only that works Ok

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Firebird-devel] [FB-Tracker] Created: (CORE-3681) user without any rights can delete sequences, c

A powerful, cross platform, SQL database system

[Firebird-devel] [FB-Tracker] Created: (CORE-3681) user without any rights can delete sequences, collations and even triggers with rdb$system_flag=0