Is it secure to put a mysqldumped file online?



  • I made a database table of emoji country codes. I exported the data via mysqldump into a file called countries.sql.

    I want to share it because it was a hassle finding anything like this, so I want to save people the trouble.

    No sensitive data is in the table, but in the heading of the file, it seems like some information could be used in an attack, but I'm not really sure. It gives information about the OS and DB engine. I'm sure you could get this information in other ways, but I figured I'd ask before I do.

    Here is the heading of the sql file.

    --
    -- Host: localhost    Database: analytics
    -- ------------------------------------------------------
    -- Server version       5.7.33-0ubuntu0.18.04.1
    
    /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
    /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
    /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
    /*!40101 SET NAMES utf8 */;
    /*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
    /*!40103 SET TIME_ZONE='+00:00' */;
    /*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
    /*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
    /*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
    /*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
    


  • Basically, there is not much information that an attacker can use, but let's see an example scenario: you allow users to download the MySQL dump file from your web host, and the file includes the operating system and version. This may give the attacker ground to step on to try to find an exploit for that OS and version, but unless it is very outdated there is nothing to worry about. You can simply remove those lines yourself or specify it in the software you are using to dump that file (example: phpMyAdmin).
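One way to remove those lines before publishing, as an added example that is not part of either post: a small Python filter that drops the comment lines describing the exporting server and reports what it removed. The function name `scrub_dump` and the sample dump are constructed for illustration; the banner and "Dump completed" patterns assume the usual first and last lines of mysqldump output, which the question's excerpt does not show.

```python
import re

# Comment lines in mysqldump output that describe the exporting server.
# Host/Server version are from the header quoted in the question; the banner
# and "Dump completed" lines are the usual first and last lines of a dump.
DISCLOSING = [
    re.compile(r"^-- MySQL dump \S+\s+Distrib (?P<client>[^,]+), for (?P<platform>.+)$"),
    re.compile(r"^-- Host: (?P<host>\S*)\s+Database: (?P<database>\S*)$"),
    re.compile(r"^-- Server version\s+(?P<server_version>\S+)$"),
    re.compile(r"^-- Dump completed on (?P<dump_date>.+)$"),
]

def scrub_dump(sql_text):
    """Return (clean_sql, findings) with server-describing comments removed.

    Version-gated statements such as /*!40101 SET NAMES utf8 */; are kept:
    the number is the minimum server version that executes the statement,
    not the version of the server that produced the dump, and the restore
    relies on them.
    """
    findings, kept = {}, []
    for line in sql_text.splitlines():
        match = next((m for rx in DISCLOSING if (m := rx.match(line.strip()))), None)
        if match:
            findings.update(match.groupdict())  # record what was disclosed
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", findings

# Constructed sample: the question's header lines plus a constructed banner,
# table, row and footer.
SAMPLE = """\
-- MySQL dump 10.13  Distrib 5.7.33, for Linux (x86_64)
--
-- Host: localhost    Database: analytics
-- ------------------------------------------------------
-- Server version       5.7.33-0ubuntu0.18.04.1

/*!40101 SET NAMES utf8 */;
CREATE TABLE `countries` (`code` char(2) NOT NULL, `emoji` varchar(16) NOT NULL);
INSERT INTO `countries` VALUES ('CA','\U0001F1E8\U0001F1E6');
-- Dump completed on 2021-01-01 12:00:00
"""

if __name__ == "__main__":
    clean, found = scrub_dump(SAMPLE)
    for key, value in found.items():
        print(f"removed {key}: {value}")
    print(clean, end="")
```

mysqldump's own `--skip-comments` option omits these comment lines at export time, so the filter is mainly useful for a dump that already exists.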


