简体繁体 English

应用程序用户/安全的MySQL基本权限

[英]MySQL Basic Privileges For Application User / Security

原文 2015-12-09 20:04:19 5 1 mysql/ database/ security/ privileges

What is the basic recommended privileges list that I must disable for MySQL user (that created for web application) to make application more secure? 我必须为MySQL用户（为Web应用程序创建）禁用的基本推荐权限列表是什么，以使应用程序更安全？

I mean privileges like FILE and may be other privileges ? 我的意思是像FILE这样的特权，可能是其他特权？

1 个解决方案

For my situation in phpMyAdmin, this was keeping the 'Data' checkboxes ticked, and the rest of the 'Structure' and 'Administration' options disabled, with the remaining 'Resource Limits' and 'Require SSL' options unchanged. 对于我在phpMyAdmin中的情况，这是保持勾选“数据”复选框，其余的“结构”和“管理”选项被禁用，其余的“资源限制”和“需要SSL”选项保持不变。

So this will allow a user to view their information, amend it, remove it, and upload let's say a profile picture. 因此，这将允许用户查看他们的信息，修改它，删除它，并上传让我们说一个个人资料图片。

You may also find these are similar limited permissions when viewing phpmyadmin the cPanel of hosting companies like SiteGround. 您可能还会发现这些是类似的有限权限，当查看phpmyadmin托管公司的cPanel，如SiteGround。