Caution

• It is a good idea to grant an account only those privileges that it needs.

• Exercise caution in granting the following privileges:
  • The FILE privilege can be abused to read into a database table any files that the MySQL server can read on the server host.
    • This includes all world-readable files and files in the server's data directory.
    • The table can then be accessed using SELECT to transfer its contents to the client host.
  • The GRANT privilege enables users to give their privileges to other users.
    • Two users that have different privileges and with the GRANT privilege are able to combine privileges.
  • The ALTER privilege may be used to subvert the privilege system by renaming tables.
  • The SHUTDOWN privilege can be abused to deny service to other users entirely by terminating the server.
  • The PROCESS privilege can be used to view the plain text of currently executing statements, including statements that set or change passwords.
  • The SUPER privilege can be used to terminate other clients or change how the server operates.
  • Privileges granted for the mysql database itself can be used to change passwords and other access privilege information.
    • Passwords are stored encrypted, so a malicious user cannot simply read them to know the plain text password.
    • However, a user with write access to the user table Password column can change an account's password, and then connect to the MySQL server using that account.

What cannot be done with privileges?

---

---

© 2007 John Michael Pierobon

Notes