Commit 5f1f4023 authored by unknown's avatar unknown
Browse files

Polishing: after implementing TRIGGER privilege, mysqld option 

'--log-bin-trust-function-creators' affects not only replication of the
stored functions, but also replication of the triggers.


sql/mysqld.cc:
  Updated the description of mysqld '--log-bin-trust-function-creators' option
  to reflect that after introducing TRIGGER privilege this option also controls
  replication of triggers.
sql/sql_trigger.cc:
  Updated the comment to be consistent with the new behaviour,
  introduced by TRIGGER privilege.
parent df59e69c

sql/mysqld.cc

+2 −2
Original line number Diff line number Diff line
@@ -5234,8 +5234,8 @@ Disable with --skip-innodb-doublewrite.", (gptr*) &innobase_use_doublewrite, 
  */

  {"log-bin-trust-function-creators", OPT_LOG_BIN_TRUST_FUNCTION_CREATORS,

   "If equal to 0 (the default), then when --log-bin is used, creation of "

   "a function is allowed only to users having the SUPER privilege and only "

   "if this function may not break binary logging."

   "a function (a trigger) is allowed only to users having the SUPER privilege "

   "and only if this function (trigger) may not break binary logging."

#ifdef HAVE_ROW_BASED_REPLICATION

   " If using --binlog-format=row, the security issues do not exist and the "

   "binary logging cannot break so this option is automatically set to 1."

sql/sql_trigger.cc

+2 −4
Original line number Diff line number Diff line
@@ -195,10 +195,8 @@ bool mysql_create_or_drop_trigger(THD *thd, TABLE_LIST *tables, bool create) 
  /*

    There is no DETERMINISTIC clause for triggers, so can't check it.

    But a trigger can in theory be used to do nasty things (if it supported

    DROP for example) so we do the check for privileges. For now there is

    already a stronger test right above; but when this stronger test will

    be removed, the test below will hold. Because triggers have the same

    nature as functions regarding binlogging: their body is implicitely

    DROP for example) so we do the check for privileges. Triggers have the

    same nature as functions regarding binlogging: their body is implicitely

    binlogged, so they share the same danger, so trust_function_creators

    applies to them too.

  */