MySQL Security - Privileges

MySQL uses your account information (username, password, and location) to authenticate you. Once it has done so, it must decide what you’re allowed to do. It does this by consulting your privileges, which are usually named after the SQL queries they let you execute. For example, you need the SELECT privilege on a table to retrieve data from it.

There are two kinds of privileges: those that are associated with objects (such as tables, databases, and views), and those that aren’t. Object-specific privileges grant you access to specific objects. For example, they control whether you can retrieve data from a table, alter a table, create a view in a database, or create a trigger. MySQL 5.0 and newer have many additional object-specific privileges, because of the introduction of views, stored procedures, and other new features.

Global privileges, on the other hand, let you perform functions such as shutting down the server, executing FLUSH commands, running various SHOW commands, and viewing other users’ queries. In general, the global privileges let you do things to the server, and the object-based privileges let you do things to the server’s contents (although that distinction is not always sharply defined). Each global privilege has far-reaching security implications, so be very cautious when granting any of them!

MySQL privileges are Boolean: a privilege is either granted or not. Unlike some other database systems, MySQL doesn’t have the notion of explicitly denied privileges. Revoking a privilege doesn’t forbid the user from performing an action; it merely removes the privilege to perform that action, if the user holds it. MySQL’s privileges are also hierarchical, with a twist or two.
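
The following SQL is an added example, not taken from the book, showing what the absence of a "deny" means in practice when a broad grant is already in place. The database `shop`, its tables, the account 'report'@'localhost' and the password are constructed for illustration.

```sql
-- Constructed sample schema and account (names are illustrative only).
CREATE DATABASE IF NOT EXISTS shop;
CREATE TABLE IF NOT EXISTS shop.orders  (id INT PRIMARY KEY, total  DECIMAL(10,2));
CREATE TABLE IF NOT EXISTS shop.payroll (id INT PRIMARY KEY, salary DECIMAL(10,2));
CREATE USER 'report'@'localhost' IDENTIFIED BY 'placeholder-change-me';

-- Object privilege granted at database level: it applies to every
-- table in shop, including tables created later.
GRANT SELECT ON shop.* TO 'report'@'localhost';

-- Trying to carve payroll out of that grant does not work. REVOKE can
-- only remove a grant that exists at the same level, and no table-level
-- grant on shop.payroll was ever made, so the server rejects this
-- statement with a "no such grant defined" error. Run it interactively,
-- or use the client's --force option if this file is run as a script.
REVOKE SELECT ON shop.payroll FROM 'report'@'localhost';

-- The database-level grant is untouched, so the account can still read
-- shop.payroll. Inspect what the account actually holds:
SHOW GRANTS FOR 'report'@'localhost';

-- Because there is no deny, the fix is to remove the broad grant and
-- grant only what is needed at the narrower level.
REVOKE SELECT ON shop.* FROM 'report'@'localhost';
GRANT  SELECT ON shop.orders TO 'report'@'localhost';

-- Audit each level of the hierarchy separately. A 'Y' or a row at any
-- level is enough to allow the action.
-- Global level (*.*), including the server-wide privileges:
SELECT User, Host, Select_priv, Shutdown_priv, Process_priv, Super_priv
  FROM mysql.user WHERE User = 'report';
-- Database level:
SELECT User, Host, Db, Select_priv
  FROM mysql.db WHERE User = 'report';
-- Table level:
SELECT User, Host, Db, Table_name, Table_priv
  FROM mysql.tables_priv WHERE User = 'report';

-- Clean up the constructed objects.
DROP USER 'report'@'localhost';
DROP DATABASE shop;
```

When reviewing an account, check all three grant tables: a narrow table-level grant says nothing about what a database-level or global grant already allows.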

Source of Information: O'Reilly, High Performance MySQL, Second Edition
