Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
418a3435
Commit
418a3435
authored
Apr 14, 2001
by
unknown
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
manual.texi minor wording changes to sections 6.1 - 6.3.
Docs/manual.texi: minor wording changes to sections 6.1 - 6.3.
parent
7cabdf04
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
16 additions
and
13 deletions
+16
-13
Docs/manual.texi
Docs/manual.texi
+16
-13
No files found.
Docs/manual.texi
View file @
418a3435
...
@@ -11638,7 +11638,7 @@ of applicable attacks: eavesdropping, altering, playback, and denial of
...
@@ -11638,7 +11638,7 @@ of applicable attacks: eavesdropping, altering, playback, and denial of
service. We do not cover all aspects of availability and fault tolerance
service. We do not cover all aspects of availability and fault tolerance
here.
here.
@strong{MySQL} uses
Access Control Lists (ACLs) security
for all
@strong{MySQL} uses
security based on Access Control Lists (ACLs)
for all
connections, queries, and other operations that a user may attempt to
connections, queries, and other operations that a user may attempt to
perform. There is also some support for SSL-encrypted connections
perform. There is also some support for SSL-encrypted connections
between @strong{MySQL} clients and servers. Many of the concepts
between @strong{MySQL} clients and servers. Many of the concepts
...
@@ -11651,12 +11651,12 @@ When running @strong{MySQL}, follow these guidelines whenever possible:
...
@@ -11651,12 +11651,12 @@ When running @strong{MySQL}, follow these guidelines whenever possible:
@item
@item
DON'T EVER GIVE ANYONE (EXCEPT THE @strong{MySQL} ROOT USER) ACCESS TO THE
DON'T EVER GIVE ANYONE (EXCEPT THE @strong{MySQL} ROOT USER) ACCESS TO THE
mysql.user TABLE! The encrypted password is the real password in
mysql.user TABLE! The encrypted password is the real password in
@strong{MySQL}. If you know this for one user
you can easily log
in as
@strong{MySQL}. If you know this for one user
, you can easily log
in as
him if you have access to his 'host'.
him if you have access to his 'host'.
@item
@item
Learn the @strong{MySQL} access privilege system. The @code{GRANT} and
Learn the @strong{MySQL} access privilege system. The @code{GRANT} and
@code{REVOKE} commands are used for
restrict
ing access to @strong{MySQL}. Do
@code{REVOKE} commands are used for
controll
ing access to @strong{MySQL}. Do
not grant any more privileges than necessary. Never grant privileges to all
not grant any more privileges than necessary. Never grant privileges to all
hosts.
hosts.
...
@@ -11664,8 +11664,9 @@ Checklist:
...
@@ -11664,8 +11664,9 @@ Checklist:
@itemize @minus
@itemize @minus
@item
@item
Try @code{mysql -u root}. If you are able to connect successfully to the
Try @code{mysql -u root}. If you are able to connect successfully to the
server without being asked for a password, you have problems. Any user (not
server without being asked for a password, you have problems. Anyone
just root) can connect to your @strong{MySQL} server with full privileges!
can connect to your @strong{MySQL} server as the @strong{MySQL}
@code{root} user with full privileges!
Review the @strong{MySQL} installation instructions, paying particular
Review the @strong{MySQL} installation instructions, paying particular
attention to the item about setting a @code{root} password.
attention to the item about setting a @code{root} password.
@item
@item
...
@@ -11703,8 +11704,8 @@ server_host 3306} from some remote machine, where
...
@@ -11703,8 +11704,8 @@ server_host 3306} from some remote machine, where
@code{server_host} is the hostname of your @strong{MySQL}
@code{server_host} is the hostname of your @strong{MySQL}
server. If you get a connection and some garbage characters, the port is
server. If you get a connection and some garbage characters, the port is
open, and should be closed on your firewall or router, unless you really
open, and should be closed on your firewall or router, unless you really
have a good reason to keep it open. If @code{telnet} just hangs
,
have a good reason to keep it open. If @code{telnet} just hangs
or the
everything is OK,
the port is blocked.
connection is refused, everything is OK;
the port is blocked.
@end itemize
@end itemize
@item
@item
...
@@ -11722,14 +11723,14 @@ available data that it need not be protected. This is incorrect. At least
...
@@ -11722,14 +11723,14 @@ available data that it need not be protected. This is incorrect. At least
denial-of-service type attacks can be performed on such
denial-of-service type attacks can be performed on such
databases. The simplest way to protect from this type of attack is to use
databases. The simplest way to protect from this type of attack is to use
apostrophes around the numeric constants: @code{SELECT * FROM table
apostrophes around the numeric constants: @code{SELECT * FROM table
WHERE ID='234'}
instead of
@code{SELECT * FROM table WHERE ID=234}.
WHERE ID='234'}
rather than
@code{SELECT * FROM table WHERE ID=234}.
@strong{MySQL} automatically converts this string to a number and
@strong{MySQL} automatically converts this string to a number and
strips all non-numeric symbols from it.
strips all non-numeric symbols from it.
Checklist:
Checklist:
@itemize @minus
@itemize @minus
@item
@item
All W
WW
applications:
All W
eb
applications:
@itemize @bullet
@itemize @bullet
@item
@item
Try to enter @samp{'} and @samp{"} in all your Web forms. If you get any kind
Try to enter @samp{'} and @samp{"} in all your Web forms. If you get any kind
...
@@ -11771,7 +11772,7 @@ Users of @strong{MySQL}++:
...
@@ -11771,7 +11772,7 @@ Users of @strong{MySQL}++:
@item
@item
Users of Perl DBI:
Users of Perl DBI:
@itemize @bullet
@itemize @bullet
@item Check out the @code{quote()} method.
@item Check out the @code{quote()} method
or use placeholders
.
@end itemize
@end itemize
@end itemize
@end itemize
...
@@ -11883,7 +11884,7 @@ in and check things even if all normal connections are in use.
...
@@ -11883,7 +11884,7 @@ in and check things even if all normal connections are in use.
Don't give the @strong{file} privilege to all users. Any user that has this
Don't give the @strong{file} privilege to all users. Any user that has this
privilege can write a file anywhere in the file system with the privileges of
privilege can write a file anywhere in the file system with the privileges of
the @code{mysqld} daemon! To make this a bit safer, all files generated with
the @code{mysqld} daemon! To make this a bit safer, all files generated with
@code{SELECT ... INTO OUTFILE} are readable to everyone, and you can
'
t
@code{SELECT ... INTO OUTFILE} are readable to everyone, and you can
no
t
overwrite existing files.
overwrite existing files.
@tindex /etc/passwd
@tindex /etc/passwd
...
@@ -11938,10 +11939,12 @@ systems that use MIT-pthreads, because the MIT-pthreads package doesn't
...
@@ -11938,10 +11939,12 @@ systems that use MIT-pthreads, because the MIT-pthreads package doesn't
support Unix sockets.
support Unix sockets.
@item --skip-show-database
@item --skip-show-database
@code{SHOW DATABASE} command doesn't return anything.
With this option, the
@code{SHOW DATABASES} statement doesn't return anything.
@item --safe-show-database
@item --safe-show-database
@code{SHOW DATABASE} only returns databases for which the user has
With this option,
@code{SHOW DATABASES} returns only those databases for which the user has
some kind of privilege.
some kind of privilege.
@end table
@end table
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment