Security-Related mysqld Options

• The following mysqld options affect security:
  • --allow-suspicious-udfs
    • This option controls whether user-defined functions that have only an xxx symbol for the main function can be loaded.
    • By default, the option is off and only UDFs that have at least one auxiliary symbol can be loaded.
  • --local-infile[={0|1}]
    • If the server is started with --local-infile=0, clients cannot use LOCAL in LOAD DATA statements.
  • --safe-user-create
    • If this option is enabled, an user cannot create new MySQL users by using the GRANT statement unless the user has the INSERT privilege for the mysql.user table.
  • --skip-grant-tables
    • This gives anyone with access to the server unrestricted access to all databases.
  • --skip-name-resolve
    • All Host column values in the grant tables must be IP numbers or localhost.
  • --skip-networking
    • Do not allow TCP/IP connections over the network.
    • All connections to mysqld must be made via socket files.
  • --skip-show-database
    • With this option, the SHOW DATABASES statement is allowed only to users who have the SHOW DATABASES privilege, and the statement displays all database names.
    • Without this option, SHOW DATABASES is allowed to all users, but displays each database name only if the user has the SHOW DATABASES privilege or some privilege for the database.

What are the security issues with LOAD DATA LOCAL?

---

---

© 2007 John Michael Pierobon

Notes