Menu
I have a MySQL server (Server version: 5.1.68-community; MySQL client version: 5.0.51a). Is there any way to restrict ALL access to information_schema for all users?
What happens is that, some customer sites are getting hacked frequently through SQL Injection and they can get the database structure from information_schema table/view. Of course, we need to change the PHP codes to prevent SQL Injection, but still I would like to restrict access to information_schema server-wide.
Please guide me... thanks in advance
528
INFORMATION_SCHEMA provides access to database metadata, information about the MySQL server such as the name of a database or table, the data type of a column, or access privileges. Other terms that are sometimes used for this information are data dictionary and system catalog.
This command gives the user read-only access to the database from the local host only. If you know the host name or IP address of the host that the collector is will be installed on, type the following command: grant select on database_name. * to 'read-only_user_name'@'host_name or IP_address' identified by 'password';
In MySQL, the user permissions are granted to the MySQL user account which determines operations that can be performed in the server. These user permissions may differ in the levels of privileges in which they are applied for several query executions.
The INFORMATION_SCHEMA is a virtual database that holds meta-information about all databases accessible to current user. I.e. it's build dynamically according to user's permissions. It isn't real database. You should not try to change permissions to it in any case - it's updated dynamically according to server's state.
So your question has little sense. If someone will compromise some of users and get system control with it's permissions, he will be able to access to INFORMATION_SCHEMA for that user by definition (as that user can access any thing which is allowed by it's permissions - INFORMATION_SCHEMA is "a projection" of user's permissions).
130
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
