Patrick Galbraith's Journal
 

Monday, August 13th, 2012

12:19p
Useful modification to MySQL security feature in Percona Server
In cloud environments or other secure environments, you may want to lock your database down, allowing or disallowing certain grants or capabilities outside the database. One potential security issue is the use of LOAD DATA INFILE and SELECT INTO OUTFILE, depending on what files exist in directories the MySQL server has access to, or if you are concerned about any database user ever having any access to the file system outside of the database. A few months ago, with version 5.5-25a-27.1, Percona extended the security feature called "secure-file-priv" so that you can use it to disable LOAD DATA INFILE and SELECT INTO OUTFILE. This feature is extremely easy to use: simply specify it in your my.cnf. You can set it in a number of ways.

For instance, if you wanted to limit LOAD DATA INFILE or SELECT INTO OUTFILE to /var/tmp:

secure-file-priv = /var/tmp

Or, if you wanted to disable both statements completely, specify no argument:

secure-file-priv

When a user then tries to run either statement, the result is:

mysql> select * into outfile '/home/mydir/t1.txt' from t1;
ERROR 1290 (HY000): The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
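
An added example, not from the original post or from Percona: a small Python check that reads my.cnf text and reports which of the settings above is in effect, so a configuration review can flag servers where file import and export is still unrestricted. The function name, the section list and the sample files are assumptions constructed for illustration; the "disabled" result follows the no-argument behaviour the post describes.

```python
import re

# Option groups read by the server (assumption: versioned groups such as
# [mysqld-5.5] and !include'd files are not followed here).
SERVER_SECTIONS = {"mysqld", "server"}

def secure_file_priv_state(cnf_text):
    """Return (state, directory) for the last applicable secure-file-priv line.

    "unset"      option absent, file import/export is not restricted
    "disabled"   bare option with no argument (behaviour described in the post)
    "empty"      "secure-file-priv =" with no value; stock MySQL treats an
                 empty value as no restriction, so verify on the live server
    "restricted" limited to the returned directory
    """
    section, state, directory = None, "unset", None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line[0] in ";!":          # ; comments, !include lines
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section not in SERVER_SECTIONS:
            continue
        name, sep, value = line.partition("=")
        # mysqld accepts dashes and underscores interchangeably in option names
        if name.strip().lower().replace("_", "-") != "secure-file-priv":
            continue
        value = value.strip().strip("'\"")
        if not sep:
            state, directory = "disabled", None
        elif not value:
            state, directory = "empty", None
        else:
            state, directory = "restricted", value  # later lines override earlier ones
    return state, directory

# Constructed sample option files, not taken from any real server.
SAMPLE_RESTRICTED = "[client]\nsecure-file-priv = /tmp\n[mysqld]\nsecure-file-priv = /var/tmp\n"
SAMPLE_DISABLED = "[mysqld]\nsecure_file_priv = /var/tmp\nsecure-file-priv  # no argument\n"
SAMPLE_UNSET = "!includedir /etc/mysql/conf.d/\n[mysqld]\nport = 3306\n"

if __name__ == "__main__":
    for sample in (SAMPLE_RESTRICTED, SAMPLE_DISABLED, SAMPLE_UNSET):
        print(secure_file_priv_state(sample))
```

The value in my.cnf is only what the server is asked to do; SHOW VARIABLES LIKE 'secure_file_priv' on the running server confirms what it actually applied.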
