6.3 Avoid Privilege Escalation

Unless carefully designed, routines may effectively grant users more privileges than were intended. Wherever possible, run code with invoker's rights to minimize the scope for privilege escalation attacks and to mitigate the impact of a successful SQL injection attack.

Where this is not possible, routines that run with definer's rights should be carefully reviewed to ensure that the database privilege model is upheld.
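The difference between the two modes, and a starting point for the review described above, shown as an added example that is not part of the original lesson. It assumes Oracle PL/SQL; the schema `app_owner`, the table `orders` and both function names are hypothetical.

```sql
-- Hypothetical objects (app_owner, orders, order_count_*); not from the lesson.

-- Definer's rights (also the default when AUTHID is omitted): the body runs
-- with APP_OWNER's privileges, so every user granted EXECUTE gets a result
-- from APP_OWNER.ORDERS even without SELECT on that table.
CREATE OR REPLACE FUNCTION app_owner.order_count_dr (p_customer_id IN NUMBER)
  RETURN NUMBER
  AUTHID DEFINER
IS
  v_count NUMBER;
BEGIN
  SELECT COUNT(*) INTO v_count
    FROM app_owner.orders
   WHERE customer_id = p_customer_id;
  RETURN v_count;
END order_count_dr;
/

-- Invoker's rights: the same query is checked at run time against the
-- caller's own privileges, so a caller without SELECT on APP_OWNER.ORDERS
-- gets an error instead of data. EXECUTE alone no longer widens access.
CREATE OR REPLACE FUNCTION app_owner.order_count_ir (p_customer_id IN NUMBER)
  RETURN NUMBER
  AUTHID CURRENT_USER
IS
  v_count NUMBER;
BEGIN
  SELECT COUNT(*) INTO v_count
    FROM app_owner.orders
   WHERE customer_id = p_customer_id;
  RETURN v_count;
END order_count_ir;
/

-- Review aid: list the routines in the schema that still run with
-- definer's rights, so each one can be checked against the privilege model.
SELECT owner, object_name, procedure_name, object_type, authid
  FROM all_procedures
 WHERE owner  = 'APP_OWNER'
   AND authid = 'DEFINER'
 ORDER BY object_name, procedure_name;
```

For each routine the query returns, compare who holds EXECUTE on it with who is meant to reach the objects its body touches.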

If neither method of execution (definer's rights or invoker's rights) appears suitable, consider implementing specific bypass checks for the duration of the call.

See lesson 2.2 for more on executing code with invoker's rights.