Considerations for MySQL permission management

(I) authentication and authorization

Certification: who am I?

Authorization: what I can do?

Authentication is actually a process of verifying creden, And the creden required for entering MySQL include host, username, and password.

There are two common connection methods for MySQL:

① TCP/IP connection

Add the-h parameter, connect to the MySQL instance through TCP/IP, and authenticate the user.

② Socket

-S parameter, can only be used on the same server as the MySQL client and instance

(Ii) There are two high-risk users by default:

(3) % is not omnipotent, at least cannot replace localhost, while MySQL logs in using localhost by default.

Mysql> grant all on *. * to 'David' @ '%' identified by 'oracle ';
Query OK, 0 rows affected (0.05 sec)

[Mysql @ odd ~] $ Mysql-udavid-poracle
ERROR 1045 (28000): Access denied for user 'David' @ 'localhost' (using password: YES)
[Mysql @ odd ~] $ Mysql-udavid-poracle-h 127.0.0.1
ERROR 1045 (28000): Access denied for user 'David' @ 'localhost' (using password: YES)

Mysql> grant all on *. * to 'David' @ 'localhost' identified by 'oracle ';
Query OK, 0 rows affected (0.01 sec)

[Mysql @ odd ~] $ Mysql-udavid-poracle
Welcome to the MySQL monitor. Commands end with; or \ g.
Your MySQL connection id is 9
Server version: 5.5.16-log Source distribution

Copyright (c) 2000,201 1, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
Affiliates. Other names may be trademarks of their respective
Owners.

Type 'help; 'or' \ H' for help. type' \ C' to clear the current input statement.

1 2 Next Page