Commit a3744378 authored by unknown

manual.texi minor wording changes to sections 6.1 - 6.3.


Docs/manual.texi:
  minor wording changes to sections 6.1 - 6.3.
parent 9014e326
...@@ -11638,7 +11638,7 @@ of applicable attacks: eavesdropping, altering, playback, and denial of ...@@ -11638,7 +11638,7 @@ of applicable attacks: eavesdropping, altering, playback, and denial of
service. We do not cover all aspects of availability and fault tolerance service. We do not cover all aspects of availability and fault tolerance
here. here.
@strong{MySQL} uses Access Control Lists (ACLs) security for all @strong{MySQL} uses security based on Access Control Lists (ACLs) for all
connections, queries, and other operations that a user may attempt to connections, queries, and other operations that a user may attempt to
perform. There is also some support for SSL-encrypted connections perform. There is also some support for SSL-encrypted connections
between @strong{MySQL} clients and servers. Many of the concepts between @strong{MySQL} clients and servers. Many of the concepts
...@@ -11651,12 +11651,12 @@ When running @strong{MySQL}, follow these guidelines whenever possible: ...@@ -11651,12 +11651,12 @@ When running @strong{MySQL}, follow these guidelines whenever possible:
@item @item
DON'T EVER GIVE ANYONE (EXCEPT THE @strong{MySQL} ROOT USER) ACCESS TO THE DON'T EVER GIVE ANYONE (EXCEPT THE @strong{MySQL} ROOT USER) ACCESS TO THE
mysql.user TABLE! The encrypted password is the real password in mysql.user TABLE! The encrypted password is the real password in
@strong{MySQL}. If you know this for one user you can easily login as @strong{MySQL}. If you know this for one user, you can easily log in as
him if you have access to his 'host'. him if you have access to his 'host'.
@item @item
Learn the @strong{MySQL} access privilege system. The @code{GRANT} and Learn the @strong{MySQL} access privilege system. The @code{GRANT} and
@code{REVOKE} commands are used for restricting access to @strong{MySQL}. Do @code{REVOKE} commands are used for controlling access to @strong{MySQL}. Do
not grant any more privileges than necessary. Never grant privileges to all not grant any more privileges than necessary. Never grant privileges to all
hosts. hosts.
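Review bot: in the reworded sentence "you can easily log in as him if you have access to his 'host'", the phrase "his 'host'" is still ambiguous and the pronouns are gendered. Since this line is being edited anyway, consider "you can easily log in as that user if you have access to the host listed for the account".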
...@@ -11664,8 +11664,9 @@ Checklist: ...@@ -11664,8 +11664,9 @@ Checklist:
@itemize @minus @itemize @minus
@item @item
Try @code{mysql -u root}. If you are able to connect successfully to the Try @code{mysql -u root}. If you are able to connect successfully to the
server without being asked for a password, you have problems. Any user (not server without being asked for a password, you have problems. Anyone
just root) can connect to your @strong{MySQL} server with full privileges! can connect to your @strong{MySQL} server as the @strong{MySQL}
@code{root} user with full privileges!
Review the @strong{MySQL} installation instructions, paying particular Review the @strong{MySQL} installation instructions, paying particular
attention to the item about setting a @code{root} password. attention to the item about setting a @code{root} password.
@item @item
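Review bot: the remedy in this checklist item is still only "Review the MySQL installation instructions", with no cross-reference. The rewritten warning now states the risk clearly (anyone can connect as the @code{root} user), so an @xref to the item about setting a @code{root} password would let the reader go straight to the fix.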
...@@ -11703,8 +11704,8 @@ server_host 3306} from some remote machine, where ...@@ -11703,8 +11704,8 @@ server_host 3306} from some remote machine, where
@code{server_host} is the hostname of your @strong{MySQL} @code{server_host} is the hostname of your @strong{MySQL}
server. If you get a connection and some garbage characters, the port is server. If you get a connection and some garbage characters, the port is
open, and should be closed on your firewall or router, unless you really open, and should be closed on your firewall or router, unless you really
have a good reason to keep it open. If @code{telnet} just hangs, have a good reason to keep it open. If @code{telnet} just hangs or the
everything is OK, the port is blocked. connection is refused, everything is OK; the port is blocked.
@end itemize @end itemize
@item @item
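Review bot: the added "or the connection is refused, everything is OK; the port is blocked" treats two different outcomes as the same result. A hang usually means packets are being dropped by a filter, while a refused connection only shows that nothing accepted the connection on port 3306 from that machine, which also happens when the server is stopped or listening on a different port. Suggest wording such as "the port is blocked or closed" and a reminder to confirm that the server is running on the port being tested before concluding that everything is OK.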
...@@ -11722,14 +11723,14 @@ available data that it need not be protected. This is incorrect. At least ...@@ -11722,14 +11723,14 @@ available data that it need not be protected. This is incorrect. At least
denial-of-service type attacks can be performed on such denial-of-service type attacks can be performed on such
databases. The simplest way to protect from this type of attack is to use databases. The simplest way to protect from this type of attack is to use
apostrophes around the numeric constants: @code{SELECT * FROM table apostrophes around the numeric constants: @code{SELECT * FROM table
WHERE ID='234'} instead of @code{SELECT * FROM table WHERE ID=234}. WHERE ID='234'} rather than @code{SELECT * FROM table WHERE ID=234}.
@strong{MySQL} automatically converts this string to a number and @strong{MySQL} automatically converts this string to a number and
strips all non-numeric symbols from it. strips all non-numeric symbols from it.
Checklist: Checklist:
@itemize @minus @itemize @minus
@item @item
All WWW applications: All Web applications:
@itemize @bullet @itemize @bullet
@item @item
Try to enter @samp{'} and @samp{"} in all your Web forms. If you get any kind Try to enter @samp{'} and @samp{"} in all your Web forms. If you get any kind
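Review bot: the context around the "rather than" change still presents apostrophes around numeric constants as "the simplest way to protect from this type of attack" without saying that the value must also be escaped. Quoting alone does not help if the submitted value itself contains @samp{'}, which is exactly what the checklist item below asks the reader to try in Web forms. Suggest adding one sentence here that the quoted value must be escaped before it is placed in the statement, so the paragraph and the checklist agree.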
...@@ -11771,7 +11772,7 @@ Users of @strong{MySQL}++: ...@@ -11771,7 +11772,7 @@ Users of @strong{MySQL}++:
@item @item
Users of Perl DBI: Users of Perl DBI:
@itemize @bullet @itemize @bullet
@item Check out the @code{quote()} method. @item Check out the @code{quote()} method or use placeholders.
@end itemize @end itemize
@end itemize @end itemize
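Review bot: the added "or use placeholders" gives the reader nothing to look up, unlike @code{quote()} next to it. Consider naming the mechanism, for example @code{?} markers in @code{prepare()} with the values passed to @code{execute()}, and listing it first since it removes the need for manual quoting.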
...@@ -11883,7 +11884,7 @@ in and check things even if all normal connections are in use. ...@@ -11883,7 +11884,7 @@ in and check things even if all normal connections are in use.
Don't give the @strong{file} privilege to all users. Any user that has this Don't give the @strong{file} privilege to all users. Any user that has this
privilege can write a file anywhere in the file system with the privileges of privilege can write a file anywhere in the file system with the privileges of
the @code{mysqld} daemon! To make this a bit safer, all files generated with the @code{mysqld} daemon! To make this a bit safer, all files generated with
@code{SELECT ... INTO OUTFILE} are readable to everyone, and you can't @code{SELECT ... INTO OUTFILE} are readable to everyone, and you cannot
overwrite existing files. overwrite existing files.
@tindex /etc/passwd @tindex /etc/passwd
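Review bot: the sentence being touched says "To make this a bit safer, all files generated with SELECT ... INTO OUTFILE are readable to everyone", but it does not explain why world-readable output makes the @strong{file} privilege safer. As written it can be read as a second risk, since query results end up readable by every local user. Suggest spelling out the intended reasoning in this sentence, or separating the "cannot overwrite existing files" safeguard from the file-permission remark.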
...@@ -11938,10 +11939,12 @@ systems that use MIT-pthreads, because the MIT-pthreads package doesn't ...@@ -11938,10 +11939,12 @@ systems that use MIT-pthreads, because the MIT-pthreads package doesn't
support Unix sockets. support Unix sockets.
@item --skip-show-database @item --skip-show-database
@code{SHOW DATABASE} command doesn't return anything. With this option, the
@code{SHOW DATABASES} statement doesn't return anything.
@item --safe-show-database @item --safe-show-database
@code{SHOW DATABASE} only returns databases for which the user has With this option,
@code{SHOW DATABASES} returns only those databases for which the user has
some kind of privilege. some kind of privilege.
@end table @end table
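Review bot: the two rewritten option descriptions are not parallel. The first reads "the @code{SHOW DATABASES} statement doesn't return anything" while the second drops "the ... statement", and "doesn't" survives here although this patch changes "can't" to "cannot" in the @code{INTO OUTFILE} paragraph. Suggest "With this option, the @code{SHOW DATABASES} statement ..." in both entries and "does not" for consistency.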