(mysql.info) privileges-options
Info Catalog
(mysql.info) security-against-attack
(mysql.info) security
(mysql.info) load-data-local
5.7.3 Security-Related `mysqld' Options
---------------------------------------
The following `mysqld' options affect security:
* --allow-suspicious-udfs
This option controls whether user-defined functions that have only
an `xxx' symbol for the main function can be loaded. By default,
the option is off and only UDFs that have at least one auxiliary
symbol can be loaded; this prevents attempts at loading functions
from shared object files other than those containing legitimate
UDFs. For MySQL 5.0, this option was added in MySQL 5.0.3. See
udf-security.
* --local-infile[={0|1}]
If you start the server with --local-infile=0, clients cannot use
`LOCAL' in `LOAD DATA' statements. See load-data-local.
* --old-passwords
Force the server to generate short (pre-4.1) password hashes for
new passwords. This is useful for compatibility when the server
must support older client programs. See password-hashing.
* --safe-show-database (_OBSOLETE_)
In previous versions of MySQL, this option caused the `SHOW
DATABASES' statement to display the names of only those databases
for which the user had some kind of privilege. In MySQL 5.0, this
option is no longer available as this is now the default behavior,
and there is a `SHOW DATABASES' privilege that can be used to
control access to database names on a per-account basis. See
grant.
* --safe-user-create
If this option is enabled, a user cannot create new MySQL users by
using the `GRANT' statement unless the user has the `INSERT'
privilege for the `mysql.user' table. If you want a user to have
the ability to create new users that have those privileges that
the user has the right to grant, you should grant the user the
following privilege:

     GRANT INSERT(user) ON mysql.user TO 'USER_NAME'@'HOST_NAME';

This ensures that the user cannot change any privilege columns
directly, but has to use the `GRANT' statement to give privileges
to other users.
* --secure-auth
Disallow authentication for accounts that have old (pre-4.1)
passwords.
The `mysql' client also has a --secure-auth option, which prevents
connections to a server if the server requires a password in old
format for the client account.
* --skip-grant-tables
This option causes the server not to use the privilege system at
all. This gives anyone with access to the server _unrestricted
access_ to _all databases_. You can cause a running server to
start using the grant tables again by executing a `mysqladmin
flush-privileges' or `mysqladmin reload' command from a system
shell, or by issuing a MySQL `FLUSH PRIVILEGES' statement. This
option also suppresses loading of user-defined functions (UDFs).
* --skip-name-resolve
Hostnames are not resolved. All `Host' column values in the grant
tables must be IP numbers or `localhost'.
* --skip-networking
Do not allow TCP/IP connections over the network. All connections
to `mysqld' must be made via Unix socket files.
* --skip-show-database
With this option, the `SHOW DATABASES' statement is allowed only
to users who have the `SHOW DATABASES' privilege, and the
statement displays all database names. Without this option, `SHOW
DATABASES' is allowed to all users, but displays each database
name only if the user has the `SHOW DATABASES' privilege or some
privilege for the database. Note that any global privilege is a
privilege for the database.
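
The options above are usually set in the `[mysqld]' group of an option file, so they can be checked before the server starts. The following is an added example, not part of the MySQL manual: a small auditor that flags the settings this section describes as weakening security. The function names, the sample file and the finding texts are assumptions made for illustration, and only the option spellings listed in this section are recognized.

```python
# Added example: audit the [mysqld] group of an option file against the
# options in this section. Assumes '-' and '_' are interchangeable in names.
WEAKENS = {  # a finding when the option is enabled
    "allow-suspicious-udfs": "UDFs with only a main symbol can be loaded",
    "old-passwords": "new passwords get short (pre-4.1) hashes",
    "skip-grant-tables": "the privilege system is not used at all",
}
HARDENS = {  # a finding when the option is not enabled
    "secure-auth": "old (pre-4.1) password accounts are not disallowed",
}

def parse_mysqld(text):
    """Return {option: bool} for the [mysqld] group; a bare option is on."""
    opts, group = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":      # blanks, comments, directives
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
            continue
        if group != "mysqld":                 # e.g. [client] is ignored
            continue
        name, _, value = line.partition("=")
        name = name.strip().lower().replace("_", "-")
        opts[name] = value.strip().lower() not in ("0", "off", "false")
    return opts

def audit(text):
    """Return a list of findings for the option-file text."""
    opts = parse_mysqld(text)
    findings = [f"{n}: {why}" for n, why in WEAKENS.items() if opts.get(n)]
    findings += [f"{n} not set: {why}" for n, why in HARDENS.items()
                 if not opts.get(n)]
    if opts.get("local-infile", True):        # only an explicit 0 passes
        findings.append("local-infile is not 0: LOAD DATA LOCAL not blocked")
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE = """\
[client]
secure-auth
[mysqld]
skip_grant_tables
old-passwords = 1
local-infile = 0
allow-suspicious-udfs = 0
"""

if __name__ == "__main__": print("\n".join(audit(SAMPLE)))
```

Note that `secure-auth' in the `[client]' group of the sample does not count for the server, which is why it is still reported.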