View Incident Report

Serious

Reported By: Phil Read
Reported On: 12/13/2019
For: Version 2.31 Build 10

# 4769 System Information Table Rows Incorrectly Cached and Leaked from Privileged User Queries

In the EDB Manager I'm connecting a Session under a user called Tim with public role only.

If I open the users tab (it limits the users listed and just shows the current user Tim) - now if I proceed to call the following function, the resulting table only contains the one user.

I disconnect and start again, but this time I don't open the users tab and instead proceed to call the function, the resulting table contains all the users as expected... BUT now if I open the users tab I can actually see all the users (even though I'm only a public role user).

Just for reference the FUNCTION being used is as follows:

CREATE FUNCTION "users_backup" ()
RETURNS BOOLEAN
BEGIN
  DECLARE AllOK BOOLEAN;
  SET AllOK = true;

  BEGIN
    EXECUTE IMMEDIATE 'DROP TABLE usersbackup';
    EXCEPTION
  END;

  BEGIN
    EXECUTE IMMEDIATE 'CREATE TABLE usersbackup AS
    SELECT Name, CreateSQL FROM CONFIGURATION.USERS WHERE Name <> ''System''
    WITH DATA';
    EXCEPTION
      SET AllOK = false;
  END;

  RETURN AllOK;
END
VERSION 1.00

Resolution

Fixed Problem on 12/16/2019 in version 2.31 build 11

Products Affected

ElevateDB Additional Software and Utilities
ElevateDB DAC Client-Server
ElevateDB DAC Client-Server with Source
ElevateDB DAC Standard
ElevateDB DAC Standard with Source
ElevateDB DAC Trial
ElevateDB LCL Standard with Source
ElevateDB PHP Standard
ElevateDB PHP Standard with Source
ElevateDB PHP Trial
ElevateDB VCL Client-Server
ElevateDB VCL Client-Server with Source
ElevateDB VCL Standard
ElevateDB VCL Standard with Source
ElevateDB VCL Trial

More Support Options

Search Incident Reports

Support Forums

Frequently Asked Questions

Technical Bulletins

Technical Articles

Product Manuals

Roadmap