At 16:13 -0500 11/26/03, Kevin Carlson wrote:
Curley, Thomas wrote:

I am trying to find a solution to the following security issue with MySQL DB on Linux

- Someone copies the DB files to another box, starts a mysql instance, loads the DB and presto - views the 'private' data !!!


As all the other posters have mentioned, you should have tight file level security set up. However, if you use basic mysql user authentication, even copying the files over shouldn't allow them to view the information in a database since they would need the mysql user/passwd to do anything. Which got me to thinking... is this the case? If I am using MyISAM tables and just port them over to a different box with a different security scheme, would I be allowed to view those MyISAM tables? Also, is this the case for InnoDB as well?

Sure. That's why you establish filesystem level access privileges so that only the mysql user can copy them in the first place.

If someone can copy your database files, you're hosed.  All the attacker
need do is start the server with --skip-grant-tables, and he can
connect to it with no password, and has complete access to any files
managed by the server.

--
Paul DuBois, Senior Technical Writer
Madison, Wisconsin, USA
MySQL AB, www.mysql.com

Are you MySQL certified? http://www.mysql.com/certification/


-- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
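
The filesystem-level restriction recommended in this thread can be checked with a script along these lines. It is an added example, not part of the original messages; the function name `audit_datadir`, the default path `/var/lib/mysql` and the account name `mysql` are assumptions about a typical Linux install.

```shell
#!/bin/sh
# Added example: list files under a MySQL data directory that an account
# other than the server's own could read or copy.
# Assumptions (not from the thread): data directory /var/lib/mysql,
# server account "mysql". Pass other values as arguments.

# audit_datadir DIR OWNER
#   Prints every path under DIR that is not owned by OWNER (name or
#   numeric uid) or that grants any group/other permission bit.
#   Returns 0 when clean, 1 when findings were printed, 2 on a bad DIR.
audit_datadir() {
    dir=$1
    owner=$2
    if [ ! -d "$dir" ]; then
        echo "audit_datadir: $dir is not a directory" >&2
        return 2
    fi
    # Symlinks are skipped: their own mode bits are not what access
    # checks use. Each -perm -NNN test matches one group/other bit.
    findings=$(find "$dir" ! -type l \( ! -user "$owner" \
        -o -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run the audit only when the script is given a directory argument,
# e.g.:  sh audit.sh /var/lib/mysql mysql
if [ "$#" -ge 1 ]; then
    audit_datadir "$1" "${2:-mysql}"
fi
```

Any path it prints should be returned to the server account and have its group and other bits cleared (mode 700 for directories, 600 for table files).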


