Best practices

MySQL instance with ‘skip_show_database’ flag disabled

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

The 'skip_show_database' database flag prevents users from running the SHOW DATABASES statement unless they hold the SHOW DATABASES privilege. This can improve security if you are concerned about users being able to see databases that belong to other users.

The flag's effect depends on the SHOW DATABASES privilege. If the variable value is ON, the SHOW DATABASES statement is permitted only to users who have the SHOW DATABASES privilege, and the statement displays all database names. If the value is OFF, SHOW DATABASES is permitted to all users, but it displays only the names of those databases for which the user has the SHOW DATABASES or other privilege.
Recommended Mitigation

Make sure 'skip_show_database' is enabled.
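
One way to check this setting on a self-managed server, as an added example that is not part of the original rule: the Python function below reads the text of a MySQL option file (my.cnf) and reports whether skip_show_database is effectively ON. The function name and both sample files are constructed for illustration, and the check assumes the option is set in the [mysqld] or [server] group.

```python
# Added example: audit a MySQL option file for skip_show_database.
import re

SERVER_GROUPS = {"mysqld", "server"}   # option groups read by mysqld
ON_VALUES, OFF_VALUES = {"1", "on", "true"}, {"0", "off", "false"}

# Constructed sample input, not taken from any real server.
SAMPLE_WEAK = """\
[mysqld]
port = 3306
# skip-show-database
skip_show_database = OFF
"""
SAMPLE_OVERRIDE = """\
[mysqld]
skip_show_database = OFF
skip-show-database        # bare flag, later in the file
"""

def skip_show_database_enabled(option_file_text):
    """Return the effective skip_show_database value from option-file text.

    Assumptions: !include directives are not followed, and only the plain
    option name is recognised (no loose-/enable-/disable- prefixes).
    """
    enabled = False                      # server default is OFF
    group = None
    for raw in option_file_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line[0] in ";!":
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            group = header.group(1).lower()      # group names are case-insensitive
            continue
        if group not in SERVER_GROUPS:
            continue
        name, has_value, value = line.partition("=")
        if name.strip().replace("-", "_") != "skip_show_database":
            continue
        value = value.strip().strip("'\"").lower()
        if not has_value or value in ON_VALUES:
            enabled = True                       # bare option means ON
        elif value in OFF_VALUES:
            enabled = False
        else:
            raise ValueError(f"unrecognised value in line: {raw!r}")
    return enabled                               # last occurrence wins

if __name__ == "__main__":
    for label, text in (("weak", SAMPLE_WEAK), ("override", SAMPLE_OVERRIDE)):
        print(label, "->", "ON" if skip_show_database_enabled(text) else "OFF")
```

On a running server, SHOW GLOBAL VARIABLES LIKE 'skip_show_database' reports the value actually in effect.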