MySQL takes the following measures to prevent misuse of user-defined functions.
You must have the INSERT
privilege to be able to use CREATE
FUNCTION
and the
DELETE
privilege to be able to
use DROP FUNCTION
. This is
necessary because these statements add and delete rows from
the mysql.func
table.
UDFs should have at least one symbol defined in addition to
the xxx
symbol that corresponds to the main
xxx()
function. These auxiliary symbols
correspond to the xxx_init()
,
xxx_deinit()
,
xxx_reset()
,
xxx_clear()
, and
xxx_add()
functions.
mysqld also supports an
--allow-suspicious-udfs
option
that controls whether UDFs that have only an
xxx
symbol can be loaded. By default, the
option is off, to prevent attempts at loading functions from
shared object files other than those containing legitimate
UDFs. If you have older UDFs that contain only the
xxx
symbol and that cannot be recompiled to
include an auxiliary symbol, it may be necessary to specify
the --allow-suspicious-udfs
option. Otherwise, you should avoid enabling this capability.
UDF object files cannot be placed in arbitrary directories.
They must be located in the server's plugin directory. This
directory is given by the value of the
plugin_dir
system variable.