List:General Discussion« Previous MessageNext Message »
From:Christian Mack Date:August 20 1999 4:27pm
Subject:[RFE] SET OPTION PASSWORD was (MySQL ISP issues)
View as plain text  
Paul DuBois wrote:
> 
> >Paul DuBois wrote:
> >>
> >> >If I were a customer of an ISP, I would want the following with regards
> >> >to MySQL:
> >> >
> >> > - The admin having a decent understanding of MySQL
> >> > - Shell access to the server with the setup so that I can read the
> logs
> >> >when things go wrong
> >> > - Option of having a dedicated server or being able to share one
> server
> >> >with only a few other clients that I trust
> >> > - Good security: SSH, firewall, no funny unnecessary services,
> firewall
> >> >blocking port 3306 for external connections
> >>
> >> All good common-sense ideas.  About your second item: the logs contain
> >> the text of queries (like SET PASSWORD!), so how would you balance the
> >> desire on the part of the customer for access to information with the
> >> desire on the part of the admin to preserve the privacy of other customers?
> >>
> >> Or was that the idea of your third item -- since by setting up multiple
> >> servers, one per group of clients, you could keep each of them from reading
> >> the others' logs?
> >>
> >> --
> >> Paul DuBois, paul@stripped
> >
> >Hi Paul
> >
> >You should always use "SET OPTION SQL_LOG_OFF=1" and "SET OPTION
> >SQL_LOG_UPDATE=0" before changing priviledges (and resetting them
> >afterwards :).
> >
> >I know this can only be done from the DB admin with PROCESS priviledge.
> >Perhaps this could be included into the "SET OPTION PASSWORD=..." syntax too?
> >
> >What do you think?
> 
> I'm not sure I understand what you're suggesting.  Do you mean that SET OPTION
> PASSWORD might be changed to allow regular users to turn off logging for just
> that command?
> 
> If so, yes, I think that might be useful.
> 
> --
> Paul DuBois, paul@stripped

Hi Paul

You understood my suggestion :)

What I think of is something like that:
SET OPTION PASSWORD=... [NO_LOG] [NO_UPDATE_LOG]

With that enhanced syntax, you could leave both "SET OPTION SQL_LOG..." commands untouched
(= restricted to user with PROCESS priviledge).

I send a copy of this to the mysql mailinglist as well.
So what do others think about it?

Tschau
Christian

Thread
MySQL ISP issuesPaul DuBois14 Aug
  • Re: MySQL ISP issuesTonu Samuel15 Aug
  • Re: MySQL ISP issuesSasha Pachev15 Aug
    • Re: MySQL ISP issuesPaul DuBois15 Aug
  • [RFE] SET OPTION PASSWORD was (MySQL ISP issues)Christian Mack20 Aug
    • Re: [RFE] SET OPTION PASSWORD was (MySQL ISP issues)Thimble Smith20 Aug
      • Re: [RFE] SET OPTION PASSWORD was (MySQL ISP issues)Michael Widenius22 Aug
  • Re: [RFE] SET OPTION PASSWORD was (MySQL ISP issues)Christian Mack8 Sep
Re: MySQL ISP issuesChristopher R. Jones14 Aug
  • Re: MySQL ISP issuesPaul DuBois14 Aug