Mysql permission and security, mysql permission security

Mysql permission and security, mysql permission security

1. the MySQL permission system performs authentication in two phases:

(A) authenticate the user, and combine the IP address and user name,

(B) grant corresponding permissions to legal users. The permission table is loaded into the memory when the database is started.

2. the user, host, and db permission tables in the mysql database are used during permission access. Two-phase verification process

(A) The host, user, and password in the user table determine whether A connection is allowed.

(B) Permission table sequence: user-> db-> tables_priv-> columns_priv.

Each permission in the user table represents the permissions available to all databases, and each permission in the db table represents the permissions available to specific databases.

Iii. Account Management

Two ways to create an account: Use the GRANT syntax to create or directly operate the authorization table. The first method is recommended.

You can use the GRANT and REVOKE commands to modify permissions.

Iv. Security Issues

(A) Strictly control operating system accounts and permissions

(B) Avoid running MySQL with root permissions as much as possible

(C) Prevent DNS Spoofing

(D) Delete an anonymous account

(E) Set a password for the root account

(F) Set a Security Password

(G) only grant the account the required permissions

(H) only allow the root user to have access to the mysql database user table

(I) Only grant the Administrator the FILE, PROCESS, and SUPER permissions.

(J) drop table does not revoke the previous access authorization.

(K) use SSL

(L) add IP address restrictions to all users

(M) Pay attention to the REVOKE command Vulnerability