Learning Mysql


Devising a User Security Policy | 335



Date: 04.08.2023


FILE
The FILE privilege allows the user to use statements that read and write disk files, permitting access to potentially sensitive information on the server and allowing the user to write large files. In practice, the user can only read and write files to which the server has access; this includes all world-readable files and any file in the database directories. Fortunately, existing files can’t be overwritten, but this is still a powerful privilege.
CREATE, DROP, and INDEX
The CREATE and DROP privileges allow the user to create and delete databases, tables, and indexes. At a global level, these privileges pose the same security problems as ALTER. At a database and table level, they allow destruction of data and indexes.
The INDEX privilege is a subset of CREATE, allowing only the key-creation feature; you should limit access to this privilege too, since a user could add unnecessary indexes that slow down the operation of your database server.
GRANT OPTION
This privilege allows one user to pass on privileges to another. In practice, only administrators should grant privileges, and you should avoid allowing other users to do so. A particular problem can occur if one user shares his privileges with another: the user receiving additional privileges will obviously end up with more than he was initially granted, and perhaps more than he’s supposed to have.
PROCESS
This allows the user to view current processes, including the statements that started them. In practice, this means that the user can view databases and tables being created and changed and, importantly, statements that create users and their passwords.
SHUTDOWN
This allows a user to stop the server.
You should avoid granting any privileges on the special mysql database. This is a default part of any MySQL installation that stores user privileges. Nobody other than the MySQL root user should be able to read, change, or delete information in this database.
Avoid granting access to anonymous users. You should instead require that all users be explicitly identified, along with the hosts they can connect from and the databases that they can access.
Choose good passwords: always specify passwords when creating users, and ensure these passwords meet the basic criteria of being hard to guess while remaining straightforward to remember.
Finally, use secure remote connections: if you allow remote access to the MySQL server, require that these connections be encrypted. We don’t discuss how to do this, but you’ll find more detail under the heading “Using Secure Connections” in the MySQL manual.
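
One way to check a server against the policy points above, as an added example that is not from the book. It assumes you are connected as the MySQL root user on a test server; the account 'audit_demo'@'localhost' and its password are constructed for the demonstration.

```sql
-- Constructed test account, deliberately over-privileged (test server only).
CREATE USER 'audit_demo'@'localhost' IDENTIFIED BY 'Constructed-Demo-Passw0rd!';
GRANT FILE, PROCESS, SHUTDOWN ON *.* TO 'audit_demo'@'localhost' WITH GRANT OPTION;

-- 1. Non-root accounts holding the risky global privileges from this section.
SELECT GRANTEE, PRIVILEGE_TYPE, IS_GRANTABLE
FROM information_schema.USER_PRIVILEGES
WHERE PRIVILEGE_TYPE IN ('FILE', 'PROCESS', 'SHUTDOWN', 'CREATE', 'DROP', 'INDEX')
  AND GRANTEE NOT LIKE '''root''@%'
ORDER BY GRANTEE, PRIVILEGE_TYPE;

-- 2. Non-root accounts that can pass privileges on (GRANT OPTION),
--    first globally, then per database.
SELECT DISTINCT GRANTEE
FROM information_schema.USER_PRIVILEGES
WHERE IS_GRANTABLE = 'YES' AND GRANTEE NOT LIKE '''root''@%';

SELECT DISTINCT GRANTEE, TABLE_SCHEMA
FROM information_schema.SCHEMA_PRIVILEGES
WHERE IS_GRANTABLE = 'YES';

-- 3. Grants on the mysql system database, at database and table level.
SELECT GRANTEE, PRIVILEGE_TYPE
FROM information_schema.SCHEMA_PRIVILEGES
WHERE TABLE_SCHEMA = 'mysql';

SELECT GRANTEE, TABLE_NAME, PRIVILEGE_TYPE
FROM information_schema.TABLE_PRIVILEGES
WHERE TABLE_SCHEMA = 'mysql';

-- 4. Anonymous accounts (empty user name) and the hosts they connect from.
SELECT User, Host FROM mysql.user WHERE User = '';

-- Remediation for the test account: strip the global privileges and the
-- ability to re-grant them, check what is left, then remove the account.
REVOKE FILE, PROCESS, SHUTDOWN ON *.* FROM 'audit_demo'@'localhost';
REVOKE GRANT OPTION ON *.* FROM 'audit_demo'@'localhost';
SHOW GRANTS FOR 'audit_demo'@'localhost';
DROP USER 'audit_demo'@'localhost';
```

On a production server, run only the SELECT statements and apply the REVOKE pattern to each account they report.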
