MySQL Forums

Re: how to disable root password reset : mysqld --skip-grant-tables &
Posted by: Georgi Kodinov
Date: April 08, 2018 06:00AM

--skip-grant-tables basically allows everyone with local access to the disk data used by MySQL to start the server and read the data.
This is a widely used mode and kind of non-trivial to prevent without OS-specific tricks. If they had access to the disk images, how would you prevent one from writing a program that will read the data from the files? E.g. there's such a program in Ruby nowadays. And since MySQL is open source it's not very hard for one to write their own.

So the real thing to protect against is having local access to the disk data.
But 5.0 doesn't offer a lot for that.
In 5.7 we've added tablespace encryption for InnoDB tables: you can store the key needed to decrypt the data on another computer and control the access to it.
And in 8.0, when you specify --skip-grant-tables, it also automatically sets --skip-networking so only local access is possible.

Georgi "Joro" Kodinov
MySQL SrvGen team lead
Plovdiv, Bulgaria
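
Added example, not part of the original post: a short audit of the InnoDB tablespace encryption mentioned above, checking that a keyring is loaded, encrypting one table, and listing tables still stored in clear text. The table name `appdb.customers` is hypothetical; it assumes MySQL 5.7.11 or later with `innodb_file_per_table=ON` and a keyring plugin loaded at startup.

```sql
-- Added example. appdb.customers is a hypothetical table name.
-- Assumption: a keyring plugin is loaded via early-plugin-load in my.cnf.
-- Note: keyring_file keeps the master key in a local file, so it does not
-- help against someone who can read the disk. Keeping the key on another
-- host needs a keyring backed by a remote key store (for example the
-- Enterprise keyring_okv plugin).

-- 1. Confirm a keyring plugin is ACTIVE; without one, ENCRYPTION='Y' fails.
SELECT PLUGIN_NAME, PLUGIN_STATUS
FROM INFORMATION_SCHEMA.PLUGINS
WHERE PLUGIN_NAME LIKE 'keyring%';

-- 2. Encrypt an existing file-per-table InnoDB table (this rebuilds it).
ALTER TABLE appdb.customers ENCRYPTION='Y';

-- 3. List user InnoDB tables that are still unencrypted on disk.
--    The '_' wildcards match either quote style around Y in CREATE_OPTIONS.
SELECT TABLE_SCHEMA, TABLE_NAME
FROM INFORMATION_SCHEMA.TABLES
WHERE ENGINE = 'InnoDB'
  AND TABLE_SCHEMA NOT IN
      ('mysql', 'sys', 'information_schema', 'performance_schema')
  AND (CREATE_OPTIONS IS NULL
       OR CREATE_OPTIONS NOT LIKE '%ENCRYPTION=_Y_%')
ORDER BY TABLE_SCHEMA, TABLE_NAME;

-- 4. Rotate the master key, e.g. after a suspected exposure of the old one.
--    Only the per-tablespace keys are re-encrypted, not the table data.
ALTER INSTANCE ROTATE INNODB MASTER KEY;
```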
