Independent Digital

Creating and managing dynamic websites using Php, MySql, HTML and Wordpress with a bit of PEAR on the side


MySQL general security guidelines. Part 3.

5 March, 2008 (14:01) | MySQL, Security | By: clive



Security-Related mysqld Options

The following mysqld options affect security:

--allow-suspicious-udfs

This controls whether user-defined functions that have only a symbol for the main function can be loaded. By default, the option is off and only UDFs that have at least one auxiliary symbol can be loaded.

--local-infile

If you start the server with --local-infile=0, clients cannot use LOCAL in LOAD DATA statements.

--old-passwords

Force the server to generate short (pre-4.1) password hashes for new passwords. This is useful for compatibility when the server must support older client programs.

--safe-show-database

--safe-user-create

If this option is enabled, a user cannot create new MySQL users by using the GRANT statement unless the user has the INSERT privilege for the mysql user table or any column in the table.

--secure-auth

Disallow authentication for accounts that have old (pre-4.1) passwords.

--secure-file-priv=

This option limits the effect of the LOAD_FILE() function and the LOAD DATA and SELECT … INTO OUTFILE statements to work only with files in the specified directory.

--skip-grant-tables

This option causes the server not to use the privilege system at all. This gives anyone with access to the server unrestricted access to all databases.

--skip-name-resolve

Hostnames are not resolved. All Host column values in the grant tables must be IP numbers or localhost.

--skip-networking

Do not allow TCP/IP connections over the network. All connections to mysqld must be made via Unix socket files.

--skip-show-database

With this option, the SHOW DATABASES statement is allowed only to users who have the SHOW DATABASES privilege, and the statement displays all database names.
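
To check an existing server configuration against the options above, the following Python script audits the [mysqld] section of an option file. It is an added example, not part of the original post or of MySQL; the sample configurations are constructed, and it assumes LOCAL is permitted unless local-infile is explicitly set to 0.

```python
import configparser

# (option, risky state, state assumed when absent, consequence per the post)
CHECKS = [
    ("skip-grant-tables", True, False, "privilege system is not used at all"),
    ("allow-suspicious-udfs", True, False, "UDFs with only a main symbol load"),
    ("old-passwords", True, False, "new passwords get short pre-4.1 hashes"),
    ("secure-auth", False, False, "pre-4.1 password accounts can log in"),
    # Assumption: LOCAL is permitted unless local-infile is explicitly 0.
    ("local-infile", True, True, "clients can use LOCAL in LOAD DATA"),
]

def mysqld_options(text):
    """Return {option: value} from [mysqld]; bare flags map to None."""
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None,
                                   strict=False, inline_comment_prefixes=("#",))
    # configparser cannot parse !include / !includedir directives; skip them.
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("!")]
    cp.read_string("\n".join(lines))
    if not cp.has_section("mysqld"):
        return {}
    # mysqld treats dashes and underscores in option names as equivalent.
    return {k.replace("_", "-"): v for k, v in cp.items("mysqld")}

def is_on(opts, name, default):
    """Bare 'name' or name=1 is on; name=0/off/false is off."""
    if name not in opts:
        return default
    return (opts[name] or "1").strip().lower() not in ("0", "off", "false")

def audit(text):
    """Return [(option, consequence)] for every risky setting found."""
    opts = mysqld_options(text)
    found = [(n, why) for n, risky, dflt, why in CHECKS
             if is_on(opts, n, dflt) == risky]
    if not opts.get("secure-file-priv"):
        found.append(("secure-file-priv",
                      "LOAD_FILE/LOAD DATA/INTO OUTFILE not confined"))
    return found

# Constructed sample configurations, not taken from any real server.
WEAK = "[mysqld]\nskip-grant-tables\nold_passwords=1\n# local-infile=0\n"
HARDENED = ("[mysqld]\nsecure-auth\nlocal-infile=0  # no LOAD DATA LOCAL\n"
            "secure-file-priv=/var/lib/mysql-files\nskip-name-resolve\n")

if __name__ == "__main__":
    for option, why in audit(WEAK):
        print(f"{option}: {why}")
```

The commented-out local-infile line in the weak sample is still reported, because a commented setting leaves the option at the assumed default.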
