Nuno Carvalho authored
When binlog_rows_query_log_events = 1 and a statement is written to the binary log in row format, the server generates a log event containing the original query text. If mysqlbinlog is given the option --verbose --verbose, the original statement is printed. To prevent the statement from being executed, it is prefixed by '#'. However, this is not enough for multi-line statements: only the first line of the query will be commented out. If a malicious user knows that the binary log will be processed using mysqlbinlog --verbose --verbose, then the user can execute arbitrary statements on the server.

Prefix every line of a multi-line query with '#' to prevent the statement from being executed when the binary log is processed using 'mysqlbinlog --verbose --verbose'.
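
The difference between commenting only the first line and commenting every line, as an added sketch that is not the MySQL patch or mysqlbinlog's own code. The function names, the "# " prefix spacing, the handling of "\r\n" and lone '\r' as line breaks, and the sample statement are assumptions made for this example.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Flawed form described in the commit message: only the first line gets '#'.
std::string comment_first_line_only(const std::string &query) {
  return "# " + query;
}

// Hardened form: start every line of the query text with '#'.
// Assumption of this sketch: "\r\n" and a lone '\r' also count as line breaks.
std::string comment_every_line(const std::string &query) {
  std::string out = "# ";
  for (std::size_t i = 0; i < query.size(); ++i) {
    const char c = query[i];
    out += c;
    if (c == '\r' && i + 1 < query.size() && query[i + 1] == '\n')
      continue;  // keep a CRLF pair together, prefix after its '\n'
    if (c == '\n' || c == '\r') out += "# ";
  }
  return out;
}

// Check for printed output: return non-empty lines that do not start with '#',
// i.e. lines a client reading this text would treat as SQL.
std::vector<std::string> uncommented_lines(const std::string &text) {
  std::vector<std::string> bad;
  std::string line;
  auto flush = [&]() {
    if (!line.empty() && line[0] != '#') bad.push_back(line);
    line.clear();
  };
  for (char c : text) {
    if (c == '\n' || c == '\r') flush(); else line += c;
  }
  flush();
  return bad;
}

int main() {
  // Constructed, benign multi-line statement with mixed line endings.
  const std::string query = "UPDATE t1\nSET c = 2\r\nWHERE id = 1";
  std::cout << comment_first_line_only(query) << "\n---\n"
            << comment_every_line(query) << "\n---\n"
            << uncommented_lines(comment_first_line_only(query)).size()
            << " uncommented line(s) before, "
            << uncommented_lines(comment_every_line(query)).size()
            << " after\n";
  return 0;
}
```
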