Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
10c6a5fb
Commit
10c6a5fb
authored
Apr 14, 2001
by
paul@central.snake.net
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
manual.texi minor wording changes to sections 6.1 - 6.3.
parent
c3e3a336
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
16 additions
and
13 deletions
+16
-13
Docs/manual.texi
Docs/manual.texi
+16
-13
No files found.
Docs/manual.texi
View file @
10c6a5fb
...
...
@@ -11638,7 +11638,7 @@ of applicable attacks: eavesdropping, altering, playback, and denial of
service. We do not cover all aspects of availability and fault tolerance
here.
@strong{MySQL} uses
Access Control Lists (ACLs) security
for all
@strong{MySQL} uses
security based on Access Control Lists (ACLs)
for all
connections, queries, and other operations that a user may attempt to
perform. There is also some support for SSL-encrypted connections
between @strong{MySQL} clients and servers. Many of the concepts
...
...
@@ -11651,12 +11651,12 @@ When running @strong{MySQL}, follow these guidelines whenever possible:
@item
DON'T EVER GIVE ANYONE (EXCEPT THE @strong{MySQL} ROOT USER) ACCESS TO THE
mysql.user TABLE! The encrypted password is the real password in
@strong{MySQL}. If you know this for one user
you can easily log
in as
@strong{MySQL}. If you know this for one user
, you can easily log
in as
him if you have access to his 'host'.
@item
Learn the @strong{MySQL} access privilege system. The @code{GRANT} and
@code{REVOKE} commands are used for
restrict
ing access to @strong{MySQL}. Do
@code{REVOKE} commands are used for
controll
ing access to @strong{MySQL}. Do
not grant any more privileges than necessary. Never grant privileges to all
hosts.
...
...
@@ -11664,8 +11664,9 @@ Checklist:
@itemize @minus
@item
Try @code{mysql -u root}. If you are able to connect successfully to the
server without being asked for a password, you have problems. Any user (not
just root) can connect to your @strong{MySQL} server with full privileges!
server without being asked for a password, you have problems. Anyone
can connect to your @strong{MySQL} server as the @strong{MySQL}
@code{root} user with full privileges!
Review the @strong{MySQL} installation instructions, paying particular
attention to the item about setting a @code{root} password.
@item
...
...
@@ -11703,8 +11704,8 @@ server_host 3306} from some remote machine, where
@code{server_host} is the hostname of your @strong{MySQL}
server. If you get a connection and some garbage characters, the port is
open, and should be closed on your firewall or router, unless you really
have a good reason to keep it open. If @code{telnet} just hangs
,
everything is OK,
the port is blocked.
have a good reason to keep it open. If @code{telnet} just hangs
or the
connection is refused, everything is OK;
the port is blocked.
@end itemize
@item
...
...
@@ -11722,14 +11723,14 @@ available data that it need not be protected. This is incorrect. At least
denial-of-service type attacks can be performed on such
databases. The simplest way to protect from this type of attack is to use
apostrophes around the numeric constants: @code{SELECT * FROM table
WHERE ID='234'}
instead of
@code{SELECT * FROM table WHERE ID=234}.
WHERE ID='234'}
rather than
@code{SELECT * FROM table WHERE ID=234}.
@strong{MySQL} automatically converts this string to a number and
strips all non-numeric symbols from it.
Checklist:
@itemize @minus
@item
All W
WW
applications:
All W
eb
applications:
@itemize @bullet
@item
Try to enter @samp{'} and @samp{"} in all your Web forms. If you get any kind
...
...
@@ -11771,7 +11772,7 @@ Users of @strong{MySQL}++:
@item
Users of Perl DBI:
@itemize @bullet
@item Check out the @code{quote()} method.
@item Check out the @code{quote()} method
or use placeholders
.
@end itemize
@end itemize
...
...
@@ -11883,7 +11884,7 @@ in and check things even if all normal connections are in use.
Don't give the @strong{file} privilege to all users. Any user that has this
privilege can write a file anywhere in the file system with the privileges of
the @code{mysqld} daemon! To make this a bit safer, all files generated with
@code{SELECT ... INTO OUTFILE} are readable to everyone, and you can
'
t
@code{SELECT ... INTO OUTFILE} are readable to everyone, and you can
no
t
overwrite existing files.
@tindex /etc/passwd
...
...
@@ -11938,10 +11939,12 @@ systems that use MIT-pthreads, because the MIT-pthreads package doesn't
support Unix sockets.
@item --skip-show-database
@code{SHOW DATABASE} command doesn't return anything.
With this option, the
@code{SHOW DATABASES} statement doesn't return anything.
@item --safe-show-database
@code{SHOW DATABASE} only returns databases for which the user has
With this option,
@code{SHOW DATABASES} returns only those databases for which the user has
some kind of privilege.
@end table
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment