Databases Reference
In-Depth Information
FILE
The
FILE
privilege allows the user to use statements that read and write disk files,
permitting access to potentially sensitive information on the server and allowing
the user to write large files. In practice, the user can only read and write files to
which the server has access; this includes all world-readable files and any file in the
database directories. Fortunately, existing files can't be overwritten, but this is still
a powerful privilege.
CREATE
,
DROP
, and
INDEX
The
CREATE
and
DROP
privileges allow the user to create and delete databases, tables,
and indexes. At a global level, these privileges pose the same security problems as
ALTER
. At a database and table level, they allow destruction of data and indexes.
The
INDEX
privilege is a subset of
CREATE
, allowing only the key-creation feature;
you should limit access to this privilege too, since a user could add unnecessary
indexes that slow down the operation of your database server.
GRANT OPTION
This privilege allows one user to pass on privileges to another. In practice, only
administrators should grant privileges, and you should avoid allowing other users
to do so. A particular problem can occur if one user shares his privileges with
another; the user receiving additional privileges will obviously end up with more
than he was initially granted—and perhaps more than he's supposed to have.
PROCESS
This allows the user to view current processes, including the statements that started
them. In practice, this means that the user can view databases and tables being
created and changed and, importantly, statements that create users and their pass-
words.
SHUTDOWN
This allows a user to stop the server.
You should avoid granting any privileges on the special
mysql
database. This is a default
part of any MySQL installation that stores user privileges. Nobody other than the
MySQL
root
user should be able to be read, change, or delete information in this
database.
Avoid granting access to anonymous users. You should instead require that all users
be explicitly identified, along with the hosts they can connect from and the databases
that they can access.
Choose good passwords: always specify passwords when creating users, and ensure
these passwords meet the basic criteria of being hard to guess while remaining straight-
forward to remember.
Finally, use secure remote connections: if you allow remote access to the MySQL server,
require that these connections be encrypted. We don't discuss how to do this, but you'll
find more detail under the heading “Using Secure Connections” in the MySQL manual.
