Yes, every user has select privileges on information_schema but only see objects they have permissions for anyway so why would you want to disable this?
>From the MySQL 5.0 Manual: "Each MySQL user has the right to access these tables, but can see only the rows in the tables that correspond to objects for which the user has the proper access privileges. In some cases (for example, the ROUTINE_DEFINITION = column in the INFORMATION_SCHEMA.ROUTINES table), users who have = insufficient privileges will see NULL." I don't think it can be disabled, its standard SQL:2003 behaviour. Its the same in MS SQL Server and similar in Oracle and DB2. It also gives users no more information than they could get using MySQL SHOW commands. Regards John > Hmm, seems indeed every non-privileged user can access it: > > Your MySQL connection id is 13949 > Server version: 5.1.34 FreeBSD port: mysql-server-5.1.34 > > Type 'help;' or '\h' for help. Type '\c' to clear the current input > statement. > > mysql> > mysql> > mysql> show databases; > +--------------------+ > | Database | > +--------------------+ > | information_schema | > | hgallery | > +--------------------+ > 2 rows in set (0.00 sec) > > mysql> > > Ok, so how do I disable that? > > - Mark > > > -----Original Message----- > From: John Daisley [mailto:john.dais...@mypostoffice.co.uk] > Sent: woensdag 29 april 2009 5:58 > To: Scott Haneda > Cc: mysql@lists.mysql.com > Subject: Re: Information Schema > > Scott > > Information_schema is a virtual database only. I think it was added in > MySQL 5.0.2 to comply with SQL:2003 specifications. > > information_schema provides the same info as you can get from 'SHOW' > commands. Every user automatically has select privs for information_schema > and its not possible to perform any other action other than select on the > tables within information_schema. > > If you have a look here > > http://dev.mysql.com/tech-resources/articles/mysql-datadictionary.pdf > > you will find a document giving more details on what information_schema > is, how it works and how to use it. > > Regards > John > > >> I have been meaning to find out about this since I moved to mysql 5. >> In version 4, I never saw the table "information schema". With it >> being in version 5, I assume it was something only the root users, or >> a higher level user could see. >> >> I now know that it shows up under any account. I will certainly go >> read more in the docs about what this table is for. However, since it >> seems to be important, I would assume you do not want database users >> to be able to update, insert, or delete against it. >> >> Is the default set up in a way that database/tables are protected? >> -- >> Scott * If you contact me off list replace talklists@ with scott@ * >> >> >> -- >> MySQL General Mailing List >> For list archives: http://lists.mysql.com/mysql >> To unsubscribe: >> http://lists.mysql.com/mysql?unsub=john.dais...@butterflysystems.co.uk >> >> >> ______________________________________________ >> This email has been scanned by Netintelligence >> http://www.netintelligence.com/email >> >> > > > > -- > MySQL General Mailing List > For list archives: http://lists.mysql.com/mysql > To unsubscribe: > http://lists.mysql.com/mysql?unsub=ad...@asarian-host.net > > > -- > MySQL General Mailing List > For list archives: http://lists.mysql.com/mysql > To unsubscribe: > http://lists.mysql.com/mysql?unsub=john.dais...@butterflysystems.co.uk > > > ______________________________________________ > This email has been scanned by Netintelligence > http://www.netintelligence.com/email > > -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/mysql?unsub=arch...@jab.org
