| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
mysqld Concerning Security
The following mysqld options affect security:
--local-infile[={0|1}]
--local-infile=0, clients cannot use
LOCAL in LOAD DATA statements.
See section LOAD DATA LOCAL.
--safe-show-database
SHOW DATABASES statement displays the names
of only those databases for which the user has some kind of privilege.
As of version 4.0.2, this option is deprecated and doesn't do anything
(it is enabled by default), because there is now a SHOW DATABASES
privilege that can be used to control access to database
names on a per-account basis. See section GRANT.
--safe-user-create
GRANT
statement unless the user has the INSERT privilege for the
mysql.user table. If you want a user to have the ability to create
new users with those privileges that the user has right to grant, you should
grant the user the following privilege:
mysql> GRANT INSERT(user) ON mysql.user TO 'user'@'hostname'; |
This will ensure that the user can't change any privilege columns directly,
but has to use the GRANT statement to give privileges to other users.
--skip-grant-tables
mysqladmin
flush-privileges or mysqladmin reload command, or by issuing a
FLUSH PRIVILEGES statement.)
--skip-name-resolve
Host column values in the grant
tables must be IP numbers or localhost.
--skip-networking
mysqld must be made via Unix socket files.
This option is unsuitable when using a MySQL version prior to 3.23.27 with
the MIT-pthreads package, because Unix socket files were not supported by
MIT-pthreads at that time.
--skip-show-database
SHOW DATABASES statement, unless the user has the
SHOW DATABASES privilege. As of version 4.0.2, you should no longer
need this option. Access now can be granted to specific accounts with the
SHOW DATABASES privilege.
| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |