Paul DuBois wrote:
> >Paul DuBois wrote:
> >> >If I were a customer of an ISP, I would want the following with regard
> >> >to MySQL:
> >> >
> >> > - The admin having a decent understanding of MySQL
> >> > - Shell access to the server with the setup so that I can read the
> >> >when things go wrong
> >> > - Option of having a dedicated server or being able to share one
> >> >with only a few other clients that I trust
> >> > - Good security: SSH, firewall, no funny unnecessary services,
> >> >blocking port 3306 for external connections
> >> All good common-sense ideas. About your second item: the logs contain
> >> the text of queries (like SET PASSWORD!), so how would you balance the
> >> desire on the part of the customer for access to information with the
> >> desire on the part of the admin to preserve the privacy of other customers?
> >> Or was that the idea of your third item -- since by setting up multiple
> >> servers, one per group of clients, you could keep each of them from reading
> >> the others' logs?
> >> --
> >> Paul DuBois, paul@stripped
> >Hi Paul
> >You should always use "SET OPTION SQL_LOG_OFF=1" and "SET OPTION
> >SQL_LOG_UPDATE=0" before changing privileges (and resetting them
> >afterwards :).
> >I know this can only be done from the DB admin with PROCESS privilege.
> >Perhaps this could be included into the "SET OPTION PASSWORD=..." syntax too?
> >What do you think?
> I'm not sure I understand what you're suggesting. Do you mean that SET OPTION
> PASSWORD might be changed to allow regular users to turn off logging for just
> that command?
> If so, yes, I think that might be useful.
> Paul DuBois, paul@stripped
You understood my suggestion :)
What I think of is something like that:
SET OPTION PASSWORD=... [NO_LOG] [NO_UPDATE_LOG]
With that enhanced syntax, you could leave both "SET OPTION SQL_LOG..." commands untouched
(= restricted to users with PROCESS privilege).
I send a copy of this to the mysql mailing list as well.
So what do others think about it?