Willaby: So it’s just his setting to be “nice” or to be evil. That is nothing I can set in the master, right?
Swearinger: If all he has is replication slave, then he can read everything in the binary log, but not do any other queries on the master.
Bessent: Yeah but he will propably have read access to every database?
Lisle: The user with “replication slave” exists on the master.
Reisdorf: Testerde_: i’m unsure how replicate privilege can be used on the master to perform normal SQL queries if it _is_ possible, but that’s why you should have a separate replication user, known only to the slave and master instances.
Mccaskey: What users you have on the slave have nothing to do with it.
Groote: Just concerned about privacy
Dias: Testerde_: have you configured your slave instance to be globally read-only?
Averitt: StrixUK: let me clarify my question.
Frisco: As snoyes says, the user with replication privilege need only exist on the master, but unless you prevent the mysql schema from being replicated, your users and privileges will get replicated along with everything else
Reef: I’m really just concerned about the privacy of the data in all databases. If I have one user that is granted the right to replicate the DB – there is no Gallon to tell this particual user to have only right to replicate database X, but not Y and Z. Am I right to that?
Smithen: But replicating that privilege just means that the slave could have some other slave connect to it and read its binary log. Still doesn’t give access to any databases.
Devereaux: Testerde_: Correct. If they can replicate, they can replicate anything in the binary log.
Thruman: So if this particular user is evil, he could replicate the whole instance and then with maybe root access read everything inside the DB
Milas: That particular user could read anything written to the master’s binary log. Period.
Cleghorn: No other queries. They’d need a different user for that.
Reglin: So that’s everything or?
Nealeigh: With mysql_binlog = $datadir
Piehler: Everything from every database will be written to that or am I wrong?
Surprise: Every change to every database will be written there by default, yes.
Lahip: You can filter what gets written there
Shawhan: So when this is default setting and set
Mulnix: Binlog-do-db or binlog-ignore-db, and users with SUPER can disable binary logging.
Venard: The “evil” replication_slave granted user can actually read everything?!?!?!
Oloughlin: What else is there he couldn’t read then?
Polle: Can read everything written to the binary log. Cannot run arbitrary queries on your database.
Ulbrich: Yeah, but privacy-relevant: read everything
Riccitelli: Could not read anything you write when you have set sql_log_bin=0, for example
Lunday: Say I have databases with usernames etc
Coltey: Could not read anything that was in the database before you started binary logging
Weafer: Could not read binary logs that you have purged already
Sassman: But I can not be safe that he can only read one database
Rydzewski: He can’t read any databases.
Cuzzi: He can only read the binary log.
Riedl: But he can read events in the binary log that came from any database, yes.
Mainello: So this setting binlog-do-db= is only a way for the client to filter what will be actually “updated” in the slave
Schink: It is a way for the master to filter what is written to the binary log
Kakaviatos: SELECT id,identifier,created_at,action,log_output FROM transactions WHERE status=’pending’ AND created_at current_timestamp – INTERVAL 6 HOUR
Schnorr: SELECT id FROM log_items WHERE target_id=$$$$$
Baldrige: The slave can use replicate- filters to filter what it actually applies from what it reads