Detailed description of password modification and access restriction settings in MySQL

MySQL is a real multi-user, multi-thread SQL database server. MySQL is implemented in a Client/Server structure. It consists of a server daemon mysqld and many different client programs and libraries. Because of its openness and Stability of the source code, and its perfect combination with the popular compilation of PHP, many websites now use it as a back-end database, making it widely used. In terms of security, each user must be given access restrictions on different databases to meet the requirements of different users. We will discuss it separately for your reference.

　　I. Summary of MySQL password change methods

The first thing to note is: Generally, you need to have the root permission in MySQL to change the MySQL password. In this way, you cannot change the password unless you ask the Administrator to help you modify the password.

Method 1

Use phpMyAdmin

(Graphical MySQL database management tool), this is the simplest, directly use SQL statements to modify the user table of the MySQL database, but do not forget to use the password function, insert the user using the INSERT command, modify the user's use of the update command and delete the use of the DELETE command. This section describes the user field of a data table.

Method 2

Use mysqladmin. Input

Mysqladmin-u root-P oldpassword newpasswd

　　
After executing this command, you need to enter the original root password, so that the root password will be changed to newpasswd. Similarly, change the root in the command to your username, and you can change your password.

Of course, if your mysqladmin cannot connect to MySQL server, or you cannot execute mysqladmin, this method is invalid, and mysqladmin cannot clear the password.

The following methods are used at the MySQL prompt and must have the root permission of MySQL:

Method 3

Mysql> insert into mysql. User (host, user, password) Values ('%', 'System', password ('manager ')); Mysql> flush privileges

　　
Specifically, this is to add a user with the username system and Password Manager. Be sure to use the password function, and then use flush privileges for confirmation.

Method 4

Similar to method Sany, but the replace statement is used.

Mysql> replace into mysql. User (host, user, password) Values ('%', 'system', password ('manager ')); Mysql> flush privileges

Method 5

Use the SET Password statement

Mysql> set password for system @ "%" = PASSWORD ('manager ');

　　
You must also use the password () function, but do not need to use flush privileges for confirmation.

Method 6

Use the grant... identified by statement to grant permissions.

Mysql> grant usage on *. * to system @ "%" identified by 'manager ';

　　
Here, the password () function is unnecessary and you do not need to use flush privileges for confirmation.

Note: The password () function is used to encrypt passwords and automatically interpret them in MySQL.

　　Ii. How to Set access restrictions in MySQL

We use two methods to set users.

Go to the MySQL execution directory (usually c: \ mysql \ bin ). Enter mysqld-mongoware.exe and MySQL -- user = root mysql. Otherwise, you cannot add new users. Go to the mysql> prompt to perform the operation.

Suppose we want to create a super user with the username system and user password manager.

Method 1

Use the grant command for authorization. The input code is as follows:

Mysql> grant all privileges on *. * to system @ localhost identified 'Manager' with grant option;

Display: Query OK, 0 rows affected (0.38 Sec)

Method 2

Set each permission of a user:

Mysql> insert into user Values ('localhost', 'system', password ('manager '), 'Y ', 'y', 'y ');

For MySQL 3.22.34, there are 14 "Y" in total. The corresponding permissions are as follows (sorted by field ):

Permission	Table column name	Explanation	Scope of use
Select	Select_priv	Select permission is required only when a table is actually retrieved.	Table
Insert	Insert_priv	Allows you to Insert a new row into an existing table.	Table
Update	Update_priv	Allows you to update columns in the row of an existing table with new values.	Table
Delete	Delete_priv	Allow you to delete rows that meet the conditions	Table
Create	Create_priv	Allow you to create new databases and tables	Databases, tables, or Indexes
Drop	Drop_priv	Discard (delete) existing databases and tables	Database or table
Reload	Reload_priv	Allow you to tell the server to read the authorization table again	Server Management
Shutdown	Shutdown_priv	This vulnerability may be abused (by terminating the server and rejecting services from other users)	Server Management
Process	Process_priv	Allows you to view the common text of the currently executed query, including setting or changing the password for the query	Server Management
File	File_priv	Attackers can exploit this vulnerability to read any readable files from the server to the database table.	File access on the server
Grant	Grant_priv	Allow you to grant your own permissions to other users	Database or table
References	References_priv	Allows you to open and close Record Files	Database or table
Index	Index_priv	Allows you to create or discard (delete) Indexes	Table
Alter	Alter_priv	Allows you to change the table. You can rename the table to overturn the permission system.	Table

If you only have select, insert, update, and delete permissions when creating a user, you can only perform operations on the existing table of a database.

Next we can create the database we want to use. We can directly enter it. For example, we want to create a database named xinxiku. The following code is available:

Mysql> Create Database xinxiku;

　
Display: Query OK, 1 row affected (0.00 Sec)