Home/ Questions/Q 8145659
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T13:44:22+00:00

I have an independent contractor / freelancer helping with with some optimisation on a

  • 0

I have an independent contractor / freelancer helping with with some optimisation on a specific database.

I have created a new user and given them all permissions for that database.

However, they have asked for the following commands to be run and I just need to make sure I am not creating any security vulnerabilities by doing so: 

grant super,reload on *.* to 'odeskuser_priv'@'%' identified by 'abc123'; 
grant all on mysql.* to 'odeskuser_priv'@'%' identified by 'abc123';

If the user “odeskuser” only has access to one database, would those commands be safe and not open any potential threats for the other dbs?

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    By looking here:

    http://dev.mysql.com/doc/refman/5.0/en/privileges-provided.html

    Super grants server administration priviliges so I would say that:

    grant super,reload on *.* to 'odeskuser_priv'@'%' identified by 'abc123';

    Would allow that user to open threads to any DB on the server due to the *.* which denotes any DB and any table on the server.

    Edit:

    In fact super is very dangerous to give globally:

    The SUPER privilege enables an account to use CHANGE MASTER TO, KILL
    or mysqladmin kill to kill threads belonging to other accounts (you
    can always kill your own threads), PURGE BINARY LOGS, configuration
    changes using SET GLOBAL to modify global system variables, the
    mysqladmin debug command, enabling or disabling logging, performing
    updates even if the read_only system variable is enabled, starting and
    stopping replication on slave servers, specification of any account in
    the DEFINER attribute of stored programs and views, and enables you to
    connect (once) even if the connection limit controlled by the
    max_connections system variable is reached.

    • 0