35.6. FEDERATED Table Security


When you create a FEDERATED table, you provide a connection string in the COMMENT option of the CREATE TABLE statement. This string includes the connection parameters to use for connecting to the remote server where the original table is actually located. For example:

 CREATE TABLE FedCity (
     ID          INT NOT NULL AUTO_INCREMENT,
     Name        CHAR(35) NOT NULL,
     CountryCode CHAR(3) NOT NULL,
     District    CHAR(20) NOT NULL,
     Population  INT NOT NULL,
     PRIMARY KEY (ID)
 ) ENGINE=FEDERATED
 COMMENT='mysql://wuser:wpass@world.example.com/world/City';

The username and password (wuser and wpass) are visible as plain text in the FedCity table definition, which can present a security risk in several ways:

  • A user who can use SHOW CREATE TABLE or SHOW TABLE STATUS for the table can see the COMMENT value. The same is true if the user can select information about the table from the TABLES table of INFORMATION_SCHEMA. To prevent this, don't grant privileges for the FedCity table to other users.

  • The FedCity table definition is stored in its .frm format file. A user with read access to the file can see the username and password. To prevent this, follow the data directory protection procedures outlined in Section 35.3, "Filesystem Security."
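
The first exposure path can be audited from INFORMATION_SCHEMA. The queries below are an added example, not part of the study guide: they list FEDERATED tables whose comment embeds a user:password pair without echoing the credentials, then the accounts holding table-, column- or schema-level grants that cover those tables. They assume an administrative account runs them (other accounts see only their own tables and grants); the aliases remote_target and GRANT_LEVEL are names chosen for this example, and global grants in USER_PRIVILEGES are not covered.

```sql
-- 1. FEDERATED tables with credentials embedded in COMMENT.
--    Only the part after the last '@' is shown, so the password
--    is not copied into the audit output.
SELECT TABLE_SCHEMA,
       TABLE_NAME,
       SUBSTRING_INDEX(TABLE_COMMENT, '@', -1) AS remote_target
FROM INFORMATION_SCHEMA.TABLES
WHERE ENGINE = 'FEDERATED'
  AND TABLE_COMMENT LIKE 'mysql://%:%@%';

-- 2. Accounts with privileges that cover those tables.
--    Each row is a grant to review and, where not needed, revoke.
SELECT t.TABLE_SCHEMA, t.TABLE_NAME, tp.GRANTEE,
       'table' AS GRANT_LEVEL, tp.PRIVILEGE_TYPE
FROM INFORMATION_SCHEMA.TABLES AS t
JOIN INFORMATION_SCHEMA.TABLE_PRIVILEGES AS tp
  ON tp.TABLE_SCHEMA = t.TABLE_SCHEMA
 AND tp.TABLE_NAME   = t.TABLE_NAME
WHERE t.ENGINE = 'FEDERATED'
  AND t.TABLE_COMMENT LIKE 'mysql://%:%@%'
UNION ALL
SELECT t.TABLE_SCHEMA, t.TABLE_NAME, cp.GRANTEE,
       'column', cp.PRIVILEGE_TYPE
FROM INFORMATION_SCHEMA.TABLES AS t
JOIN INFORMATION_SCHEMA.COLUMN_PRIVILEGES AS cp
  ON cp.TABLE_SCHEMA = t.TABLE_SCHEMA
 AND cp.TABLE_NAME   = t.TABLE_NAME
WHERE t.ENGINE = 'FEDERATED'
  AND t.TABLE_COMMENT LIKE 'mysql://%:%@%'
UNION ALL
-- Schema-level grants may name a pattern (for example 'world%'),
-- so the schema is matched with LIKE rather than '='.
SELECT t.TABLE_SCHEMA, t.TABLE_NAME, sp.GRANTEE,
       'schema', sp.PRIVILEGE_TYPE
FROM INFORMATION_SCHEMA.TABLES AS t
JOIN INFORMATION_SCHEMA.SCHEMA_PRIVILEGES AS sp
  ON t.TABLE_SCHEMA LIKE sp.TABLE_SCHEMA
WHERE t.ENGINE = 'FEDERATED'
  AND t.TABLE_COMMENT LIKE 'mysql://%:%@%'
ORDER BY TABLE_SCHEMA, TABLE_NAME, GRANTEE;
```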



MySQL 5 Certification Study Guide
MySQL 5.0 Certification Study Guide
ISBN: 0672328127
EAN: 2147483647
Year: 2006
Pages: 312
