From: Christian Mack Date: August 20 1999 4:27pm Subject: [RFE] SET OPTION PASSWORD was (MySQL ISP issues) List-Archive: http://lists.mysql.com/mysql/10838 Message-Id: <37BD81F6.927CA0D7@compal.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Paul DuBois wrote: > > >Paul DuBois wrote: > >> > >> >If I were a customer of an ISP, I would want the following with regards > >> >to MySQL: > >> > > >> > - The admin having a decent understanding of MySQL > >> > - Shell access to the server with the setup so that I can read the logs > >> >when things go wrong > >> > - Option of having a dedicated server or being able to share one server > >> >with only a few other clients that I trust > >> > - Good security: SSH, firewall, no funny unnecessary services, firewall > >> >blocking port 3306 for external connections > >> > >> All good common-sense ideas. About your second item: the logs contain > >> the text of queries (like SET PASSWORD!), so how would you balance the > >> desire on the part of the customer for access to information with the > >> desire on the part of the admin to preserve the privacy of other customers? > >> > >> Or was that the idea of your third item -- since by setting up multiple > >> servers, one per group of clients, you could keep each of them from reading > >> the others' logs? > >> > >> -- > >> Paul DuBois, paul@stripped > > > >Hi Paul > > > >You should always use "SET OPTION SQL_LOG_OFF=1" and "SET OPTION > >SQL_LOG_UPDATE=0" before changing priviledges (and resetting them > >afterwards :). > > > >I know this can only be done from the DB admin with PROCESS priviledge. > >Perhaps this could be included into the "SET OPTION PASSWORD=..." syntax too? > > > >What do you think? > > I'm not sure I understand what you're suggesting. Do you mean that SET OPTION > PASSWORD might be changed to allow regular users to turn off logging for just > that command? > > If so, yes, I think that might be useful. > > -- > Paul DuBois, paul@stripped Hi Paul You understood my suggestion :) What I think of is something like that: SET OPTION PASSWORD=... [NO_LOG] [NO_UPDATE_LOG] With that enhanced syntax, you could leave both "SET OPTION SQL_LOG..." commands untouched (= restricted to user with PROCESS priviledge). I send a copy of this to the mysql mailinglist as well. So what do others think about it? Tschau Christian