[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
mysqld
Concerning Security
The following mysqld
options affect security:
--local-infile[={0|1}]
--local-infile=0
, clients cannot use
LOCAL
in LOAD DATA
statements.
See section LOAD DATA LOCAL
.
--safe-show-database
SHOW DATABASES
statement displays the names
of only those databases for which the user has some kind of privilege.
As of version 4.0.2, this option is deprecated and doesn't do anything
(it is enabled by default), because there is now a SHOW DATABASES
privilege that can be used to control access to database
names on a per-account basis. See section GRANT
.
--safe-user-create
GRANT
statement unless the user has the INSERT
privilege for the
mysql.user
table. If you want a user to have the ability to create
new users with those privileges that the user has right to grant, you should
grant the user the following privilege:
mysql> GRANT INSERT(user) ON mysql.user TO 'user'@'hostname'; |
This will ensure that the user can't change any privilege columns directly,
but has to use the GRANT
statement to give privileges to other users.
--skip-grant-tables
mysqladmin
flush-privileges
or mysqladmin reload
command, or by issuing a
FLUSH PRIVILEGES
statement.)
--skip-name-resolve
Host
column values in the grant
tables must be IP numbers or localhost
.
--skip-networking
mysqld
must be made via Unix socket files.
This option is unsuitable when using a MySQL version prior to 3.23.27 with
the MIT-pthreads package, because Unix socket files were not supported by
MIT-pthreads at that time.
--skip-show-database
SHOW DATABASES
statement, unless the user has the
SHOW DATABASES
privilege. As of version 4.0.2, you should no longer
need this option. Access now can be granted to specific accounts with the
SHOW DATABASES
privilege.
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |