Tuesday, April 19, 2011

Explaining what the default PROXY privilege for root does

In a default MySQL 5.5.8 installation there is one PROXY privilege:

GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION

What this does is:
If USER() and CURRENT_USER() don't match root is still allowed to grant the proxy privilege.

So if you connect using someuser@localhost using LDAP and LDAP tells you're root then you're still allowed to grant proxy privileges. This will only work if your user has the privilege to proxy to root.

The documentation for PROXY is here.
Posted by Daniël van Eeden at 2:45 PM

11 comments:

  1. David WarnerSeptember 28, 2013 at 2:48 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  2. Julia DavidAugust 30, 2014 at 10:52 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  3. FrankMay 28, 2018 at 7:12 PM

    A Proxy can save you from this.popcorn time When you are associated with the Proxy, your IP address is covered up.

    ReplyDelete
  4. mona martinSeptember 8, 2018 at 3:10 PM

    You have made some decent points there. I looked on the internet for more information about the issue and found most people will go along with your views on this web site. vpnveteran

    ReplyDelete
  5. MatiasSeptember 16, 2018 at 7:43 PM

    The most inspiring stuff commonly is probably the most dull or boring concern. a single rooster may not be in the same woody plant strip very long, and also the pets within the pine is a kind of weight, always want to consult the next stars, the particular fowl because the plants are really hesitant to facial expression an equal beautiful places day by day. visita il sito

    ReplyDelete
  6. Ella lilySeptember 24, 2018 at 3:03 PM

    I know your aptitude on this. I should say we ought to have an online discourse on this. Composing just remarks will close the talk straight away! What's more, will confine the advantages from this data.  diebestenvpn

    ReplyDelete
  7. MatiasSeptember 27, 2018 at 9:25 PM

    The website is looking bit flashy and it catches the visitors eyes. Design is pretty simple and a good user friendly interface. VPN

    ReplyDelete
  8. Alex dainaSeptember 28, 2018 at 2:46 PM

    In any case, regardless of whether you can envision the idea driving on the web check liquidating or not, the innovation really exists.Check Cashing Lemon-Grove

    ReplyDelete
  9. mona martinOctober 8, 2018 at 11:48 PM

    Great post i must say and thanks for the information. Education is definitely a sticky subject. However, is still among the leading topics of our time. I appreciate your post and look forward to more home cleaning new york https://weneedprivacy.com

    ReplyDelete
  10. James harperOctober 13, 2018 at 2:35 PM

    I'm impressed, I must say. Very rarely do I come across a blog thats both informative and entertaining, and let me tell you, you ve hit the nail on the head. Your blog is important.. https://www.lemigliorivpn.com

    ReplyDelete
  11. royNovember 13, 2018 at 10:37 AM

    Attempt restoring the Contivity association by tapping the Connect catch. On the off chance that this works, the association was most likely lost because of the Idle Timeout arranged on the Contivity VPN Switch. https://www.router-reset.com/can-isp-see-vpn/

    ReplyDelete

Subscribe to: Post Comments (Atom)