MYSQLD security-related startup options in MySQL

The following mysqld options affect security:

·--allow-suspicious-udfs

This option controls whether a user-defined function with only the XXX character can be loaded in the main function. By default, this option is turned off, and only UDF with at least one auxiliary character can be loaded. This prevents a shared object file from loading a function that has never been included in a legitimate UDF.

·--local-infile[={0|1}]

If you start the server with--local-infile=0, the client cannot use the local in LOAD data statement.

·--old-passwords

Forces the server to generate a short (pre-4.1) password hash for the new password. This is useful in order to ensure compatibility when the server must support older versions of the client program.

·(OBSOLETE) --safe-show-database

In previous versions of MySQL, this option causes the show databases statement to display only the name of a database for which the user has partial permissions. In MySQL 5.1, this option is no longer used as the default behavior now, and there is a show databases permission that can be used to control the access of each account to the database name.

·--safe-user-create

If enabled, a user cannot create a new user with a grant statement unless the user has INSERT permission for the Mysql.user table. If you want the user to have permission to create a new user, you should grant the user the following permissions:

mysql> GRANT INSERT(user) ON mysql.user TO '
user_name'@'host_name';

This ensures that the user cannot change the permission column directly, and the permission must be granted to other users using the GRANT statement.

·--secure-auth

Accounts that do not allow the identification of old (pre-4.1) passwords are not allowed.

·--skip-grant-tables

This option causes the server to not use the permissions system at all. This gives everyone the right to complete access to all the databases! (by executing the mysqladmin flush-privileges or mysqladmin reload command, or by executing the flush privileges statement, you can tell a running server to start using the authorization table again.) ）

·--skip-name-resolve

The host name is not parsed. The column value of all host in the authorization table must be an IP number or localhost.

·--skip-networking

TCP/IP connections are not allowed on the network. All connections to Mysqld must be made via UNIX sockets.

·--skip-show-database

With this option, only users with show databases permissions are allowed to execute the shows databases statement, which displays all database names. Do not use this option to allow all users to perform show DATABASES, but only the name of the database that the user has DATABASES permission or partial database permissions. Note that global permissions refer to the permissions of the database.