The following mysqld options affect security:
--local-infile[=(0|1)] | If one uses --local-infile=0 then one can't use LOAD DATA LOCAL INFILE. |
--safe-show-database | With this option, the SHOW DATABASES statement returns only those databases for which the user has some kind of privilege. From version 4.0.2 this option is deprecated and doesn't do anything (the option is enabled by default) as we now have the SHOW DATABASES privilege. See GRANT. |
--safe-user-create |
If this is enabled, an user can't create new users with the GRANT
statement, if the user doesn't have the INSERT privilege for the
mysql.user table. If you want to give a user access to just create
new users with those privileges that the user has right to grant, you should
give the user the following privilege:
mysql> GRANT INSERT(user) ON mysql.user TO 'user'@'hostname';This will ensure that the user can't change any privilege columns directly, but has to use the GRANT statement to give privileges to other users. |
--skip-grant-tables | This option causes the server not to use the privilege system at all. This gives everyone full access to all databases! (You can tell a running server to start using the grant tables again by executing mysqladmin flush-privileges or mysqladmin reload.) |
--skip-name-resolve | Hostnames are not resolved. All Host column values in the grant tables must be IP numbers or localhost. |
--skip-networking | Don't allow TCP/IP connections over the network. All connections to mysqld must be made via Unix sockets. This option is unsuitable when using a MySQL version prior to 3.23.27 with the MIT-pthreads package, because Unix sockets were not supported by MIT-pthreads at that time. |
--skip-show-database | Don't allow the SHOW DATABASES statement, unless the user has the SHOW DATABASES privilege. From version 4.0.2 you should no longer need this option, since access can now be granted specifically with the SHOW DATABASES privilege. |