When you create a database table, you are doing under the alias you assume when logging in to the db client program. This alias the hold ALL permissions for the dattabase, table, and whatever you create.
All permissions include
all privileges, ie
referencesincluding create/drop permissions for foreign key constraints
Please refer to
the mysql documentation, particularly figure 6.2
for full scope of
That is a hell of a lot of permissions for programs that
really just need to have
in order to display some content. What do we do about that?
is quite enough for most programs
grant select on table17 to nobody;
grant insert on table17 to nobody;
Just to remind you, once rights are granted, they can only
be taken away by the
such as in
revoke insert on table17 from nobody;
In this way, and only in this way, you can be sure that even if you have security breaches in your authentication, the database is vulnetrable only as far as the programs' permissions.