MYSQL restrict user access to information_schema

后端 未结 2 1432
慢半拍i
慢半拍i 2021-02-19 03:20

I have a MySQL server (Server version: 5.1.68-community; MySQL client version: 5.0.51a). Is there any way to restrict ALL access to information_schema for all users?

Wh

相关标签:
2条回答
  • 2021-02-19 03:40

    The INFORMATION_SCHEMA is a virtual database that holds meta-information about all databases accessible to current user. I.e. it's build dynamically according to user's permissions. It isn't real database. You should not try to change permissions to it in any case - it's updated dynamically according to server's state.

    So your question has little sense. If someone will compromise some of users and get system control with it's permissions, he will be able to access to INFORMATION_SCHEMA for that user by definition (as that user can access any thing which is allowed by it's permissions - INFORMATION_SCHEMA is "a projection" of user's permissions).

    0 讨论(0)
  • 2021-02-19 03:50

    One cannot prevent access to the information_schema (yet), but in the case of sql-injections through GET Request, it is easy to do a:

    RewriteCond %{REQUEST_FILENAME}   !handle_error\.php
    RewriteCond %{QUERY_STRING}   information_schema
    RewriteRule  ^(.*?)          /handle_error.php [R=301,L]
    

    in your .htaccess and this should save one some headache.

    0 讨论(0)
提交回复
热议问题