2

I was looking to give out login information to a read-only MySQL database (via phpMyAdmin) to the public (the users of my program) to use for reference purposes on a production environment. Would I be risking anything on my side by doing so (assuming all privileges were locked down and the users could literally only read the database)?

Data like: License Validation (verifying if a user has a license key purchased and, if they do, removing the Copyright Footer) and data like: Chargeback or Fraudulent PayPal User Emails

My only main concern is having the whole server compromised just because someone knows a username or password for the actual read-only database.

aman207

2 Answers

7

Yes, of course it is a potential security threat. MySQL can always have a vulnerability in it, perhaps something like CVE-2003-0150 MySQL Root Privilege Escalation Vulnerability from many years ago.

New flaws can be introduced with any update, and old flaws can be discovered at any time.

Just because you ask MySQL not to let the user run or create anything doesn't mean MySQL is perfectly effective at doing so at all times and after each update.

And, naturally, if they can execute SELECTs, they can execute a SELECT with a cartesian product large enough to choke your server completely via IO and/or CPU load, or use up as much network bandwidth as they can obtain.

This is not even counting possible fun with transaction isolation level to try and cause locking and deadlocks. Watch out for temporary tables as well, of course.

Anti-weakpasswords
3

Would I be risking anything on my side by doing so?

yes.

... Even if the system is 'secure' (i.e. no priv esc vulnerabilities as the other guy correctly mentioned - you're making access easy for that kind of thing) they can DoS your system with expensive queries.

I'd also make sure you definitely lock down all privileges to ruin fun like

…' UNION ALL SELECT LOAD_FILE('/etc/passwd') -- priv, can only read world-readable files.

pacifist
  • Well assuming nothing could be run, or created, just read, is there still a threat? – aman207 Apr 02 '14 at 06:00
  • Assuming no queries could be run, there would be no point in giving them a password anyway. – Stephen Touset Apr 02 '14 at 06:01
  • 1
    Stephen's right - by giving them read privileges they can run select queries, yes? ... It's not difficult to make select queries that take a lot of resources. Ever tried to run a 15-way join? – pacifist Apr 02 '14 at 06:04
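
The lockdown both answers call for can be sketched in SQL. This is an added example, not code from any of the posters; it assumes MySQL 5.7.8 or later, and the schema name `refdata`, the account name `public_ro` and the limit values are constructed placeholders.

```sql
-- Added example. refdata, public_ro and all numeric limits are assumptions.

-- Per-account resource limits bound how much a shared login can ask of the server.
CREATE USER 'public_ro'@'%' IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD'
  WITH MAX_QUERIES_PER_HOUR 500
       MAX_USER_CONNECTIONS 2;

-- Weak form to avoid: GRANT SELECT ON *.* (global scope reaches every schema)
-- or any grant of ALL PRIVILEGES.
-- Corrected form: SELECT on the one reference schema only.
GRANT SELECT ON refdata.* TO 'public_ro'@'%';

-- Default time limit for SELECT statements, in milliseconds, for new sessions.
SET GLOBAL max_execution_time = 2000;

-- Review what the account actually holds after every change or server upgrade.
SHOW GRANTS FOR 'public_ro'@'%';

-- Global privilege columns to confirm are 'N' for this account:
--   File_priv             required by LOAD_FILE()
--   Create_tmp_table_priv explicit temporary tables
--   Lock_tables_priv      explicit LOCK TABLES
--   Process_priv, Super_priv  visibility into and control over other sessions
SELECT User, Host, File_priv, Create_tmp_table_priv, Lock_tables_priv,
       Process_priv, Super_priv
FROM mysql.user
WHERE User = 'public_ro';

-- The same check at schema scope.
SELECT Db, Select_priv, Create_tmp_table_priv, Lock_tables_priv
FROM mysql.db
WHERE User = 'public_ro';

-- LOAD_FILE() is also restricted by this server setting; review its value.
SHOW VARIABLES LIKE 'secure_file_priv';
```

MAX_QUERIES_PER_HOUR counts statements rather than their cost, and a session can change its own max_execution_time, so these limits reduce the resource-exhaustion risk described in the answers without removing it.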