From: Pavel Z. (JIRA) <tr...@fi...> - 2011-11-30 21:18:35
|
user without any rights can delete sequences, collations and even triggers with rdb$system_flag=0 ------------------------------------------------------------------------------------------------- Key: CORE-3681 URL: http://tracker.firebirdsql.org/browse/CORE-3681 Project: Firebird Core Issue Type: Bug Reporter: Pavel Zotov C:\1INSTALL\FIREBIRD\FB25>isql -n TCHK.FDB -user sysdba -pas masterke Database: TCHK.FDB, User: sysdba SQL> create sequence gen_tns; commit; SQL> create collation ns_coll for utf8 from unicode 'NUMERIC-SORT=1'; commit; SQL> create user tu0 password 'tu0'; commit; SQL> connect tchk.fdb user tu0 password tu0; Database: tchk.fdb, User: tu0 ------------------- since that point we are connected without any rights SQL> delete from rdb$generators where rdb$system_flag=0; SQL> commit; -- passed! why ?? SQL> delete from rdb$collations where rdb$system_flag=0; SQL> commit; -- passed! why ?? SQL> delete from rdb$triggers where rdb$system_flag=0; SQL> commit; -- passed! why ?? SQL> update rdb$indices set rdb$index_inactive=3 where rdb$system_flag=0; Statement failed, SQLSTATE = 28000 no permission for control access to TABLE TNS -- only that works Ok -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://tracker.firebirdsql.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira |