(mysql.info.gz) Privileges options
Info Catalog
(mysql.info.gz) Security against attack
(mysql.info.gz) Security
(mysql.info.gz) LOAD DATA LOCAL
5.4.3 Startup Options for `mysqld' Concerning Security
------------------------------------------------------
The following `mysqld' options affect security:
`--local-infile[={0|1}]'
If you start the server with `--local-infile=0', clients cannot use
`LOCAL' in `LOAD DATA' statements. `LOAD DATA LOCAL' LOAD
DATA LOCAL.
`--old-passwords'
Force the server to generate short (pre-4.1) password hashes for
new passwords. This is useful for compatibility when the server
must support older client programs. Password hashing.
`--safe-show-database'
With this option, the `SHOW DATABASES' statement displays the names
of only those databases for which the user has some kind of
privilege. As of MySQL 4.0.2, this option is deprecated and
doesn't do anything (it is enabled by default), because there is a
`SHOW DATABASES' privilege that can be used to control access to
database names on a per-account basis. `GRANT' GRANT.
`--safe-user-create'
If this is enabled, a user cannot create new users with the `GRANT'
statement unless the user has the `INSERT' privilege for the
`mysql.user' table. If you want a user to have the ability to
create new users with those privileges that the user has right to
grant, you should grant the user the following privilege:
mysql> GRANT INSERT(user) ON mysql.user TO 'USER_NAME'@'HOST_NAME';
This will ensure that the user can't change any privilege columns
directly, but has to use the `GRANT' statement to give privileges
to other users.
`--secure-auth'
Disallow authentication for accounts that have old (pre-4.1)
passwords. This option is available as of MySQL 4.1.1.
`--skip-grant-tables'
This option causes the server not to use the privilege system at
all. This gives everyone _full access_ to all databases! (You can
tell a running server to start using the grant tables again by
executing a `mysqladmin flush-privileges' or `mysqladmin reload'
command, or by issuing a `FLUSH PRIVILEGES' statement.)
`--skip-name-resolve'
Hostnames are not resolved. All `Host' column values in the grant
tables must be IP numbers or `localhost'.
`--skip-networking'
Don't allow TCP/IP connections over the network. All connections
to `mysqld' must be made via Unix socket files. This option is
unsuitable when using a MySQL version prior to 3.23.27 with the
MIT-pthreads package, because Unix socket files were not supported
by MIT-pthreads at that time.
`--skip-show-database'
With this option, the `SHOW DATABASES' statement is allowed only to
users who have the `SHOW DATABASES' privilege, and the statement
displays all database names. Without this option, `SHOW
DATABASES' is allowed to all users, but displays each database
name only if the user has the `SHOW DATABASES' privilege or some
privilege for the database.
Info Catalog
(mysql.info.gz) Security against attack
(mysql.info.gz) Security
(mysql.info.gz) LOAD DATA LOCAL
automatically generated byinfo2html