MySQL Manual
4 Database Administration
- 4.2 General Security Issues and the MySQL Access Privilege System
- 4.2.1 General Security Guidelines
- 4.2.2 How to Make MySQL Secure Against Crackers
- 4.2.3 Startup Options for
mysqldConcerning Security - 4.2.4 Security issues with
LOAD DATA LOCAL - 4.2.5 What the Privilege System Does
- 4.2.6 How the Privilege System Works
- 4.2.7 Privileges Provided by MySQL
- 4.2.8 Connecting to the MySQL Server
- 4.2.9 Access Control, Stage 1: Connection Verification
- 4.2.10 Access Control, Stage 2: Request Verification
- 4.2.11 Password Hashing in MySQL 4.1
- 4.2.13 Causes of
Access deniedErrors
4.2.3 Startup Options for mysqld Concerning Security
The following mysqld options affect security:
--local-infile[=(0|1)]-
If one uses
--local-infile=0then one can't useLOAD DATA LOCAL INFILE. --safe-show-database-
With this option, the
SHOW DATABASEScommand returns only those databases for which the user has some kind of privilege. From version 4.0.2 this option is deprecated and doesn't do anything (the option is enabled by default) as we now have theSHOW DATABASESprivilege. See section 4.3.1GRANTandREVOKESyntax. --safe-user-create-
If this is enabled, an user can't create new users with the
GRANTcommand, if the user doesn't have theINSERTprivilege for themysql.usertable. If you want to give a user access to just create new users with those privileges that the user has right to grant, you should give the user the following privilege:mysql> GRANT INSERT(user) ON mysql.user TO 'user'@'hostname';
This will ensure that the user can't change any privilege columns directly, but has to use theGRANTcommand to give privileges to other users. --skip-grant-tables-
This option causes the server not to use the privilege system at all. This
gives everyone full access to all databases! (You can tell a running
server to start using the grant tables again by executing
mysqladmin flush-privilegesormysqladmin reload.) --skip-name-resolve-
Hostnames are not resolved. All
Hostcolumn values in the grant tables must be IP numbers orlocalhost. --skip-networking-
Don't allow TCP/IP connections over the network. All connections to
mysqldmust be made via Unix sockets. This option is unsuitable when using a MySQL version prior to 3.23.27 with the MIT-pthreads package, because Unix sockets were not supported by MIT-pthreads at that time. --skip-show-database-
Don't allow
SHOW DATABASEScommand, unless the user has theSHOW DATABASESprivilege. From version 4.0.2 you should no longer need this option, since access can now be granted specifically with theSHOW DATABASESprivilege.
User Comments
| Posted by Bas Meijer on Thursday May 9 2002, @9:01am | [Delete] [Edit] |
A simple security enhancement missing in
this list would be for:
[mysqld]
bind-address=127.0.0.1
This means localhost can only connect, and
that's enough for small scale projects. They
won't see port 3306 in portscans anymore.
| Posted by Bryce Nesbitt on Monday April 7 2003, @6:41am | [Delete] [Edit] |
If your application, web server and database all run on the same machine, then you probably don't need networking enabled at all. Use of the "--skip-networking" flag is highly recommended.
| Posted by Fraser Campbell on Monday April 28 2003, @9:07pm | [Delete] [Edit] |
So is there nothing equivalent to the suggested "bind-address=127.0.0.1". I really would find this feature useful because I'm running chrooted daemons. I either have to make hard links to the mysql socket file at startup time or I have to use tcp/ip ... tcp/ip would be much less problematic.
If the feature isn't supported I guess I'll resort to firewalling for now.
