Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

MYSQL restrict user access to information_schema

Tags:

php

mysql

I have a MySQL server (Server version: 5.1.68-community; MySQL client version: 5.0.51a). Is there any way to restrict ALL access to information_schema for all users?

What happens is that, some customer sites are getting hacked frequently through SQL Injection and they can get the database structure from information_schema table/view. Of course, we need to change the PHP codes to prevent SQL Injection, but still I would like to restrict access to information_schema server-wide.

Please guide me... thanks in advance

like image 528
Sujith Avatar asked Feb 13 '14 13:02

Sujith

People also ask

Does MySQL have Information_schema?

INFORMATION_SCHEMA provides access to database metadata, information about the MySQL server such as the name of a database or table, the data type of a column, or access privileges. Other terms that are sometimes used for this information are data dictionary and system catalog.

How do I give a MySQL user a read-only permission?

This command gives the user read-only access to the database from the local host only. If you know the host name or IP address of the host that the collector is will be installed on, type the following command: grant select on database_name. * to 'read-only_user_name'@'host_name or IP_address' identified by 'password';

How are permissions implemented in my sequel?

In MySQL, the user permissions are granted to the MySQL user account which determines operations that can be performed in the server. These user permissions may differ in the levels of privileges in which they are applied for several query executions.

1 Answers

The INFORMATION_SCHEMA is a virtual database that holds meta-information about all databases accessible to current user. I.e. it's build dynamically according to user's permissions. It isn't real database. You should not try to change permissions to it in any case - it's updated dynamically according to server's state.

So your question has little sense. If someone will compromise some of users and get system control with it's permissions, he will be able to access to INFORMATION_SCHEMA for that user by definition (as that user can access any thing which is allowed by it's permissions - INFORMATION_SCHEMA is "a projection" of user's permissions).

like image 130
Alma Do Avatar answered Sep 30 '22 11:09

Alma Do
Sign in to Comment

Related questions

Consuming not acknowledge messages from RabbitMq
Header names with underscores ignored in php 5.5.1 / apache 2.4.6
Deprecated: Function eregi() is deprecated in [duplicate]
Use of php variable $_ (dollar sign followed by an underscore)
Get number of messages in an Amazon SQS Queue
Eager Loading: Use `with` on pivot with eloquent relationship
'git pull' command work from terminal but not with php shell_exec() via git repository hook
Cloudflare throws 524 an error on my server
How to extend vendor package service provider in Laravel 5.5
Zend_Form - Array based elements?
What does preg stand for in PHP's functions?
PHP HSV to RGB formula comprehension
htmlspecialchars(): Invalid multibyte sequence in argument
PDO MySQL fetchAll() using double the necessary memory in result?
Upload multiple files in CodeIgniter
PHP - self, static or $this in callback function
Unexpected behavior in PHP - Same code gives correct results in C# and Python
Optimize uploaded images with php (jpeg)
Abstract class and interface together?
Connect websocket server by LAN IP address

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!