How do I restrict access to user-defined functions in MySQL

Question

I am new to MySQL and I ran a Nessus scan on one my Servers and encountered a security finding which has a workaround to Restrict access to user-defined functions. Can someone help me please?

Update

The workaround is to Restrict access to create user-defined functions on the server

Sounds like the security finding might be due to database users having been granted `CREATE ROUTINE` and/or `ALTER ROUTINE` privilege. This question might better be asked on **dba.stackexchange.com**. — spencer7593, Aug 08 '14 at 20:06

Lfa · Answer 1 · 2014-08-08T19:48:43.363

3

This should work.

You can read more here http://dev.mysql.com/doc/refman/5.0/en/revoke.html

REVOKE EXECUTE ON FUNCTION mydb.myfunc FROM 'someuser'@'somehost';

However,

In my opinion it's better to grant certain users specific permissions rather making everything accessible and revoking perms from users. (It depends on the application)

edited Aug 08 '14 at 19:48

answered Aug 08 '14 at 19:42

Lfa

1,069
2
10
23

score 2 · Answer 2 · answered Aug 08 '14 at 19:38

2

Learn how to GRANT permission only to specific user ids and hosts:

http://dev.mysql.com/doc/refman/5.1/en/grant.html

answered Aug 08 '14 at 19:38

duffymo

305,152
44
369
561

How do I restrict access to user-defined functions in MySQL

2 Answers2

Linked