MySQL Reference Manual for version 4.0.18.

[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

5.3.3 Startup Options for mysqld Concerning Security

The following mysqld options affect security:

--local-infile[={0|1}]
If you start the server with --local-infile=0, clients cannot use LOCAL in LOAD DATA statements. See section LOAD DATA LOCAL.

--safe-show-database
With this option, the SHOW DATABASES statement displays the names of only those databases for which the user has some kind of privilege. As of version 4.0.2, this option is deprecated and doesn't do anything (it is enabled by default), because there is now a SHOW DATABASES privilege that can be used to control access to database names on a per-account basis. See section GRANT.

--safe-user-create
If this is enabled, a user cannot create new users with the GRANT statement unless the user has the INSERT privilege for the mysql.user table. If you want a user to have the ability to create new users with those privileges that the user has right to grant, you should grant the user the following privilege:

 
mysql> GRANT INSERT(user) ON mysql.user TO 'user'@'hostname';

This will ensure that the user can't change any privilege columns directly, but has to use the GRANT statement to give privileges to other users.

--skip-grant-tables
This option causes the server not to use the privilege system at all. This gives everyone full access to all databases! (You can tell a running server to start using the grant tables again by executing a mysqladmin flush-privileges or mysqladmin reload command, or by issuing a FLUSH PRIVILEGES statement.)

--skip-name-resolve
Hostnames are not resolved. All Host column values in the grant tables must be IP numbers or localhost.

--skip-networking
Don't allow TCP/IP connections over the network. All connections to mysqld must be made via Unix socket files. This option is unsuitable when using a MySQL version prior to 3.23.27 with the MIT-pthreads package, because Unix socket files were not supported by MIT-pthreads at that time.

--skip-show-database
Don't allow the SHOW DATABASES statement, unless the user has the SHOW DATABASES privilege. As of version 4.0.2, you should no longer need this option. Access now can be granted to specific accounts with the SHOW DATABASES privilege.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

This document was generated by rdg (Feb 25 2004) using texi2html