patternsqlMinor
Disabling "SHOW TABLES;" on mysql
Viewed 0 times
showdisablingmysqltables
Problem
I have been looking all over the web now, and can not seem to find the option to disable this command. I think this is quite a risky security hole.
There is an option to disable
Maybe some of you had
There is an option to disable
SHOW DATABASES; , but not SHOW TABLES;Maybe some of you had
Solution
As far as I know you cannot disable
SHOW TABLES, but if you have only assigned permissions to tables that the user should be able to access, I don't see how there is a security issue. A user cannot list tables to which he has no permissions.root@beren [~]# mysql -u root -p
Enter password:
mysql> use foo;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+---------------+
| Tables_in_foo |
+---------------+
| bar |
| baz |
+---------------+
2 rows in set (0.00 sec)
mysql> create user 'quux'@'localhost' identified by '*******';
Query OK, 0 rows affected (0.00 sec)
mysql> grant select on table foo.bar to 'quux'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.02 sec)
mysql> exit
Bye
root@beren [~]# mysql -u quux -p foo
Enter password:
mysql> show tables;
+---------------+
| Tables_in_foo |
+---------------+
| bar |
+---------------+
1 row in set (0.00 sec)
mysql>Code Snippets
root@beren [~]# mysql -u root -p
Enter password:
<-- SNIP -->
mysql> use foo;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+---------------+
| Tables_in_foo |
+---------------+
| bar |
| baz |
+---------------+
2 rows in set (0.00 sec)
mysql> create user 'quux'@'localhost' identified by '*******';
Query OK, 0 rows affected (0.00 sec)
mysql> grant select on table foo.bar to 'quux'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.02 sec)
mysql> exit
Bye
root@beren [~]# mysql -u quux -p foo
Enter password:
<-- SNIP -->
mysql> show tables;
+---------------+
| Tables_in_foo |
+---------------+
| bar |
+---------------+
1 row in set (0.00 sec)
mysql>Context
StackExchange Database Administrators Q#33659, answer score: 5
Revisions (0)
No revisions yet.