Overview of security measures for UDFs, including file location restrictions, required privileges, and system variable configurations.
The MariaDB server imposes a number of limitations on user-defined functions for security purposes.
The INSERT privilege for the mysql database is required to run CREATE FUNCTION, as a record are added to the mysql.func-table.
The DELETE privilege for the mysql database is required to run DROP FUNCTION as the corresponding record are removed from the mysql.func-table.
UDF object files can only be placed in the plugin directory, as specified by the value of the system variable.
At least one symbol, beyond the required x() , corresponding to an SQL function X(), is required. These can be x_init(), x_deinit(), xxx_reset(), x_clear(), and x_add() functions (see ). The mariadbd option (by default unset) provides a workaround, permitting only one symbol to be used. This is not recommended, as it opens the possibility of loading shared objects that are not legitimate user-defined functions.
This page is licensed: CC BY-SA / Gnu FDL