禁用“显示表​​格;” 在 mysql 上

Kat*_*kas 3 mysql

我现在一直在网上查找,似乎找不到禁用此命令的选项。我认为这是一个相当危险的安全漏洞。

有一个选项可以禁用SHOW DATABASES;,但没有SHOW TABLES;

也许你们中的一些人曾经

mdo*_*yle 5

据我所知,您无法禁用SHOW TABLES,但如果您只为用户应该能够访问的表分配了权限,我不明白如何存在安全问题。用户无法列出他没有权限的表。

root@beren [~]# mysql -u root -p
Enter password:

<-- SNIP -->

mysql> use foo;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+---------------+
| Tables_in_foo |
+---------------+
| bar           |
| baz           |
+---------------+
2 rows in set (0.00 sec)

mysql> create user 'quux'@'localhost' identified by '*******';
Query OK, 0 rows affected (0.00 sec)

mysql> grant select on table foo.bar to 'quux'@'localhost';
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.02 sec)

mysql> exit
Bye
root@beren [~]# mysql -u quux -p foo
Enter password:

<-- SNIP -->

mysql> show tables;
+---------------+
| Tables_in_foo |
+---------------+
| bar           |
+---------------+
1 row in set (0.00 sec)

mysql>
Run Code Online (Sandbox Code Playgroud)