Name
DYN-03: Consider the invoker rights method for stored code that executes dynamic SQL
Synopsis
The definer rights model—in which stored programs execute with the permissions of the creator rather than the invoker—generally confers significant security advantages, since you can allow access to database objects only under the controlled conditions implemented in your stored programs.
However, in the case of stored programs that contain dynamic SQL, the definer rights model can create security concerns, since these programs can conceivably be vulnerable to SQL injection, as described in Chapter 18. Since the creator of the stored program is almost always a highly privileged user, the implications of SQL injection into a definer rights procedure is potentially very serious indeed.
Whenever you create a stored program that processes a dynamic SQL statement, you should consider defining the program with the invoker rights model. Do this by adding the following clause to the program header:
SQL SECURITY INVOKER
This clause ensures that the dynamic SQL string is parsed under the authority of the account currently running the program.
Without the SQL SECURITY
INVOKER clause, the stored program will execute with the
privileges of the user that created the stored program. Since—by
definition—you don’t know exactly the full text of the dynamic SQL
to be executed, you almost always want the SQL to be rejected if
the user does not have sufficient privileges.
Using the alternative definer rights ...
Get MySQL Stored Procedure Programming now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
