MYSQL限制用户对information_schema的访问 [英] MYSQL restrict user access to information_schema

问题描述

我有一个MySQL服务器(服务器版本:5.1.68-community； MySQL客户端版本:5.0.51a).有什么方法可以限制所有用户对information_schema的全部访问权限?

I have a MySQL server (Server version: 5.1.68-community; MySQL client version: 5.0.51a). Is there any way to restrict ALL access to information_schema for all users?

发生的事情是，一些客户站点经常通过SQL Injection被黑，他们可以从information_schema表/视图中获取数据库结构.当然，我们需要更改PHP代码以防止SQL注入，但是我仍然想在服务器范围内限制对information_schema的访问.

What happens is that, some customer sites are getting hacked frequently through SQL Injection and they can get the database structure from information_schema table/view. Of course, we need to change the PHP codes to prevent SQL Injection, but still I would like to restrict access to information_schema server-wide.

请指导我...在此先感谢

Please guide me... thanks in advance

推荐答案

是一个虚拟数据库，其中包含有关当前用户可访问的所有数据库的元信息. IE.它是根据用户权限动态构建的.这不是真正的数据库.在任何情况下，您都不应该不要尝试更改其权限-它会根据服务器状态动态更新.

The INFORMATION_SCHEMA is a virtual database that holds meta-information about all databases accessible to current user. I.e. it's build dynamically according to user's permissions. It isn't real database. You should not try to change permissions to it in any case - it's updated dynamically according to server's state.

所以您的问题毫无意义.如果某人会危及某些用户并获得其权限的系统控制权，那么他将能够按定义访问该用户的INFORMATION_SCHEMA(因为该用户可以访问其权限所允许的任何内容-INFORMATION_SCHEMA为用户权限的投影").

So your question has little sense. If someone will compromise some of users and get system control with it's permissions, he will be able to access to INFORMATION_SCHEMA for that user by definition (as that user can access any thing which is allowed by it's permissions - INFORMATION_SCHEMA is "a projection" of user's permissions).

这篇关于MYSQL限制用户对information_schema的访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！