Shulou(Shulou.com)05/31 Report--

This article introduces the relevant knowledge of "what are the principles of MySQL database authorization". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Server restart

When mysqld starts, all authorization table contents are read into memory and take effect from then on.

The case of being applied immediately by the server

Changes made to the authorization table with GRANT, REVOKE, or SETPASSWORD are immediately noticed by the server.

Direct modification of authorization form

If you manually modify the authorization table (using INSERT, UPDATE, etc.), you should execute a FLUSHPRIVILEGES statement or run mysqladminflush-privileges to tell the server to load the authorization table, otherwise your changes will not take effect unless you restart the server.

Impact on existing customer connection

When the server notices that the authorization table has been changed, the existing customer connection has the following impact:

Table and column permissions take effect on the customer's next request. The database permission change takes effect on the next USEdb_name command. Global permission changes and password changes take effect the next time the customer connects.

Authorization principle

No matter how careful you are, it is inevitable that there are loopholes in authorizing users. I hope the following content will give you some help. You should generally follow these rules.

Only root users have the right to rewrite the authorization table

Do not grant authorization table rewriting rights to users other than root users (of course, if you can manage it with another user instead of root users to increase security). Because of this, users can override existing permissions by rewriting the authorization table. Create a security breach.

In general, you may not make this error, but after installing the new distribution, the initial authorization table. This loophole exists, and you may make mistakes if you don't understand the contents of the authorization form at this time.

What are the principles of MySQL database authorization

On Unix (Linux), after installing MySQL according to the instructions in the manual, you must run the mysql_install_db script to create the mysql database containing the authorization table and initial permissions. On Windows, run the Setup program in the distribution to initialize the data catalog and mysql database. Assume that the server is also running.

When you first install MySQL on your machine, the authorization table in the mysql database is initialized as follows:

You can connect with root from the local host (localhost) without specifying a password. The root user has all privileges, including administrative privileges, and can do anything. (by the way, MySQL superusers and Unix superusers have the same name, and they have nothing to do with each other.) Anonymous access is granted to users to connect locally to a database with the name test and any database whose name starts with test_. Anonymous users can do anything to the database, but do not have administrative privileges.

In general, it is recommended that you delete anonymous user records:

Mysql > DELETEFROMuserWHEREUser= ""

Further, delete any anonymous users from other authorization tables, such as db, tables_priv, and columns_priv, with the User column.

In addition, set the password for the root user.

About the settings of users, passwords and hosts

Use a password for all MySQL users.

Remember, if other_user doesn't have a password, anyone can simply log in as anyone else with mysql-uother_userdb_name. For client / server applications, it is a common practice that customers can specify any user name. Before you run it, you can change all users' passwords by editing the mysql_install_db script, or just MySQLroot passwords, like this:

Shell > mysql-urootmysql

Mysql > UPDATEuserSETPassword=PASSWORD ('new_password')

-> WHEREuser='root'

Mysql > FLUSHPRIVILEGES

This is the end of the content of "what are the principles of MySQL database authorization". Thank you for your reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.