Nobody has mentioned this yet, so maybe I should. Accpording to the MySQL documentation the infromation schema is database and there is no suggestion that the access controls do not work. You should be able to determine who has what access to the information schema using standard grant and revoke commands. I know my database using code has no need for the information schema, because the queries and types of the results are both fixed in advance, albeit with some limited variable portions. The obvious tools not working, due to lack of access to the database schema, might slow down some crackers by a worthwhile amount. The original poster might be well serverd by a program that does predetermined queries, using a restricted identity for extra security, and keeps the connection detials to itself. (I do not think obscuring the database structure is worth much except as one of a wider set of security measures.) --k0QLwNOi013478.1138312704/mail.simpson.demon.co.uk Content-Type: text/plain Duncan (-: "software industry, the: unique industry where selling substandard goods is legal and you can charge extra for fixing the problems."
