mysqlsecuritysql-grantsystem-variable

How to prevent a DB user from querying System Variables


I am using MySql 5.6. Currently with the grants provided to a user, say USER_1, it can query the system variables like @@version, @@hostname etc.

e.g.

SELECT @@VERSION;
SELECT @@HOSTNAME;

What privileges are required for that user to be able to query these system variables and more importantly, how can I revoke those privileges?


Solution

  • There are no privileges required to query system variables, and thus you cannot revoke those rights:

    SHOW VARIABLES shows the values of MySQL system variables (see Section 5.1.7, “Server System Variables”). This statement does not require any privilege. It requires only the ability to connect to the server.

    This includes using them in a select, you do not need specific permissions to do that either. You can only prevent that by not letting the user run arbitrary queries of his choice on your server.