From 342b122a63a05bb350e9d6e7cac979da5281e0ba Mon Sep 17 00:00:00 2001
From: DasBlub
Date: Thu, 13 Jan 2011 23:13:36 +0100
Subject: [PATCH] [11019] Improve the security for the MySQL DB

There has been a security risk as the 'mangos' user had full access to all databases on the MySQL server. The new create_mysql.sql file now gives more restrictive rights so that the 'mangos' user can only do what he really needs to do. If you have already set up the DB and want to make sure, that it's more secure, open up the MySQL doc about the 'REVOKE' command and revoke all rights for that user from any other db. Alternatively you can revoke ALL rights from the 'mangos' user and then re-grant him as done in the file.
---
 sql/create_mysql.sql | 9 ++++-----
 src/shared/revision_nr.h | 2 +-
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/sql/create_mysql.sql b/sql/create_mysql.sql
index 5a39665d7..e467d301b 100644
--- a/sql/create_mysql.sql
+++ b/sql/create_mysql.sql
@@ -1,14 +1,13 @@
-GRANT USAGE ON * . * TO 'mangos'@'localhost' IDENTIFIED BY 'mangos' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 ;
-
 CREATE DATABASE `mangos` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
 CREATE DATABASE `characters` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
 CREATE DATABASE `realmd` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
-GRANT ALL PRIVILEGES ON `mangos` . * TO 'mangos'@'localhost' WITH GRANT OPTION;
+CREATE USER 'mangos'@'localhost' IDENTIFIED BY 'mangos';
-GRANT ALL PRIVILEGES ON `characters` . * TO 'mangos'@'localhost' WITH GRANT OPTION;
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, LOCK TABLES ON `mangos`.* TO 'mangos'@'localhost';
-GRANT ALL PRIVILEGES ON `realmd` . * TO 'mangos'@'localhost' WITH GRANT OPTION;
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, LOCK TABLES ON `characters`.* TO 'mangos'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, LOCK TABLES ON `realmd`.* TO 'mangos'@'localhost';
diff --git a/src/shared/revision_nr.h b/src/shared/revision_nr.h
index d44847910..e54deecfc 100644
--- a/src/shared/revision_nr.h
+++ b/src/shared/revision_nr.h
@@ -1,4 +1,4 @@
 #ifndef __REVISION_NR_H__
 #define __REVISION_NR_H__
- #define REVISION_NR "11018"
+ #define REVISION_NR "11019"
 #endif // __REVISION_NR_H__
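Review bot: In the sql/create_mysql.sql hunk, the added `CREATE USER 'mangos'@'localhost' IDENTIFIED BY 'mangos';` still ships a password identical to the account name, so the narrower grants protect other schemas but leave these three databases behind a well-known default credential. A comment directly above that line would make the expectation explicit, for example `-- Default password: change it here and in the server configuration before first start.` Separately, `CREATE USER` raises an error when the account already exists, and the mysql client stops at the first error by default, so rerunning this file on an installation created by the old script would halt there before any of the new grants are applied; a short comment saying the file is for fresh installs only would prevent that surprise. The three GRANT lines still include CREATE, DROP and ALTER on every schema; if those are needed only while applying update scripts (I cannot tell from this hunk), a comment saying so would help operators who want to trim the runtime account further.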