Analysis on MySQL database authorization principles

MySQL databaseI believe many people have used MySQL databases, which are favored by many users.AuthorizationI am not very familiar with it. Next, this article will resolve the MySQL database authorization principles for everyone.

Server restart

When mysqld is started, all authorization table content is read into the memory and takes effect from that time.

Immediately applied by the server

Modifications made to the authorization table using GRANT, REVOKE, or set password will be immediately noticed by the server.

Directly modify the authorization table

If you manually modify the authorization table (using INSERT, UPDATE, and so on), you should execute a flush privileges statement or run mysqladmin flush-privileges to tell the server to load the authorization table again, otherwise, your change will not take effect unless you restart the server.

Impact on existing customer connections

When the server notices that the authorization table has been changed, the existing customer connection has the following impact:

Authorization principles

No matter how careful you are, you will inevitably leave vulnerabilities when authorizing users. I hope the following content can help you. You should generally abide by these rules.

Only the root user has the permission to override the authorized table.

Do not grant the permission to rewrite the authorization table to other users except the root user (of course, if you can use another user instead of the root user for management to increase security ). In this way, you can overwrite the existing permissions by modifying the authorization table. Generate security vulnerabilities.

In general, you may not make this mistake, but after installing the new distribution, the initial authorization table. This vulnerability exists. If you do not know the content of the authorization table, you may make mistakes.

On Unix (Linux), after installing MySQL according to instructions in the manual, you must run the mysql_install_db script to create the mysql database and initial permissions containing the authorization table. On Windows, run the Setup program in the distribution to initialize the data directory and mysql database. It is assumed that the server is also running.

When you first install MySQL on a machine, the authorization table in the mysql database is initialized as follows:

Generally, we recommend that you delete anonymous user records:

Mysql> delete from user WHERE User = "";

Furthermore, you can delete any anonymous users in other authorization tables. Tables with User columns include db, tables_priv, and columns_priv.

In addition, set the password for the root user.

User, password, and host settings

Use passwords for all MySQL users.

Remember, if other_user does not have a password, anyone can simply use mysql-u other_user db_name to log on as any other person. For client/server applications, it is common for customers to specify any user name. Before you run it, You can edit the mysql_install_db script to change the passwords of all users, or just the MySQL root Password, as shown in the following code:

Shell> mysql-u root mysql

Mysql> UPDATE user SET Password = PASSWORD ('new _ password ')

-> WHERE user = 'root ';

Mysql> flush privileges;