MySQL Security Guide (2) _ MySQL

MySQL Security Guide (2) 2.1.3 database and table permissions

The following permissions apply to database and table operations.

ALTER

Allow you to use the alter table Statement. this is actually a simple first-level permission. you must have other permissions. this depends on what operations you want to perform on the database.

CREATE

You can create databases and tables, but cannot create indexes.

DELETE

Allows you to delete existing records from a table.

DROP

You can delete (discard) databases and tables, but cannot delete indexes.

INDEX

Allows you to create and delete indexes.

REFERENCES

No.

SELECT

You can use the SELECT statement to retrieve data from a table. It is unnecessary for SELECT statements that do not involve tables, such as select now () or SELECT 4/2.

UPDATE

Allow you to modify existing records in the table.

2.1.4 manage permissions

The following permissions apply to administrative operations that control server or user authorization.

FILE

Allows you to tell the server to read or write files on the server host. This permission should not be granted at will. it is very dangerous. for details, see "avoiding the risk of authorization table ". The server is indeed cautious in using this permission within a certain range. You can only read files that anyone can read. The file you are writing must not be an existing file, which prevents you from forcing the server to rewrite important files, such as/etc/passwd or the data directory of another user's database.

If you authorize FILE permission, make sure that you do not run the server as a UNIX root user, because root can create new files anywhere in the FILE system. If you run the server as a non-privileged user, the server can only create files in the directories accessible to users.

GRANT

Allow you to GRANT your permissions to others, including GRANT.

PROCESS

You can use the show process statement or mysqladmin process command to view information about the running threads (processes) on the server. This permission also allows you to use the KILL statement or mysqladmin kill command to KILL the thread.

You can always see or kill your own thread. The PROCESS permission gives you the ability to perform these tasks on any thread.

RELOAD

Allows you to perform a large number of server management operations. You can issue FLUSH statements. you can also define mysqladmin's reload, refresh, flush-hosts, flush-logs, flush-privileges, and flush-tables commands.

SHUTDOWN

You can use mysqladmin shutdown to shut down the server.

In the user, db, and host tables, each permission is specified in a separate column. All these columns are declared as an ENUM ("N", "Y") type, so the default value of each permission is "N ". The permission in tables_priv and columns_priv is expressed as a SET, which allows the permission to be specified by a single column in any combination. These two tables are updated compared to the other three tables, which is why they use a more effective representation. (In the future, user, db, and host tables may also be represented by a SET type .)