First, Background:
The essence of "de-IOE" is replacing a "centralized + closed" architecture with a "distributed + open source" one and moving fully to a cloud computing service model. Removing the "I" and "E" is easy and should be done: it really does save money, the operation is not very difficult, and the alternative products are mature. Removing the "O" calls for caution and rational judgment. Done badly, it can become a big pit that costs more instead of saving money, and the alternative products are not yet mature. MySQL is currently the more mature product on the market, and the one more enterprises use to replace Oracle's products.
The PRISM incident triggered extensive discussion of "de-IOE". Telecommunications, finance and other core sectors give high priority to the security and reliability of their information systems. In the wake of the incident, in September 2014 the China Banking Regulatory Commission issued Document No. 39, "Guidance on the application of safe and controllable information technology to strengthen the network security and informatization construction of the banking industry". The two quantitative indicators required by Document No. 39 are included in each bank's 2015 annual assessment. First, from 2015 onwards, banking financial institutions are to increase their application of safe and controllable information technology by not less than 15% each year, until it reaches a total ratio of not less than 75% in 2019. Second, from 2015, banking institutions should set aside not less than 5% of their annual informatization budget specifically to support forward-looking, innovative and planning research on safe and controllable information systems, and to support the organization in mastering core information technology knowledge and skills.
Given this situation, studying the information security of MySQL is very important.
Second, System Environment:
- OS: CentOS Linux release 7.3, 64-bit
- IP: 192.168.56.12
- MySQL: 5.7.19
- MySQL database: chenzx
- Remote port: 3306
Third, Test Case:
Privilege control seems to me the most obvious place to start. MySQL users are created differently from Oracle users: Oracle creates a user as a schema, whereas MySQL identifies an account by user name plus IP address. Anyone familiar with the Oracle security baseline will feel that MySQL applies something like a whitelist to the user name. When I learned this, a question came to mind: for at least the five kinds of host address in the following table, how does privilege control behave? To find out, I deliberately created 5 test tables:
- Each test table has two fields, host and user
- Each test table contains 1 row with the host and user of the account that will be granted access to it
- Each user has privileges only on its corresponding table, as detailed in the following table
| Host | test1 | test2 | test3 | test4 | test5 |
|---|---|---|---|---|---|
| % | √ | | | | |
| 127.0.0.1 | | √ | | | |
| 192.168.56.% | | | √ | | |
| 192.168.56.12 | | | | √ | |
| localhost | | | | | √ |
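The setup described above can be reproduced as follows. This is an added example, not the author's own script; the column types, the placeholder password and the choice of the SELECT privilege are assumptions.

```sql
-- Added example: reconstructs the test setup described above (MySQL 5.7 syntax).
-- Column types, the password and the SELECT privilege are assumptions.
CREATE DATABASE IF NOT EXISTS chenzx;
USE chenzx;

-- Five tables, each with the two fields host and user.
CREATE TABLE test1 (host VARCHAR(60), user VARCHAR(32));
CREATE TABLE test2 (host VARCHAR(60), user VARCHAR(32));
CREATE TABLE test3 (host VARCHAR(60), user VARCHAR(32));
CREATE TABLE test4 (host VARCHAR(60), user VARCHAR(32));
CREATE TABLE test5 (host VARCHAR(60), user VARCHAR(32));

-- One row per table naming the account that is granted access to it.
INSERT INTO test1 VALUES ('%',             'chenzx');
INSERT INTO test2 VALUES ('127.0.0.1',     'chenzx');
INSERT INTO test3 VALUES ('192.168.56.%',  'chenzx');
INSERT INTO test4 VALUES ('192.168.56.12', 'chenzx');
INSERT INTO test5 VALUES ('localhost',     'chenzx');

-- Five accounts sharing one user name; each user@host pair is a separate account.
-- The password is a placeholder: replace it before use.
CREATE USER 'chenzx'@'%'             IDENTIFIED BY 'PLACEHOLDER_Passw0rd!';
CREATE USER 'chenzx'@'127.0.0.1'     IDENTIFIED BY 'PLACEHOLDER_Passw0rd!';
CREATE USER 'chenzx'@'192.168.56.%'  IDENTIFIED BY 'PLACEHOLDER_Passw0rd!';
CREATE USER 'chenzx'@'192.168.56.12' IDENTIFIED BY 'PLACEHOLDER_Passw0rd!';
CREATE USER 'chenzx'@'localhost'     IDENTIFIED BY 'PLACEHOLDER_Passw0rd!';

-- Each account is granted exactly one table.
GRANT SELECT ON chenzx.test1 TO 'chenzx'@'%';
GRANT SELECT ON chenzx.test2 TO 'chenzx'@'127.0.0.1';
GRANT SELECT ON chenzx.test3 TO 'chenzx'@'192.168.56.%';
GRANT SELECT ON chenzx.test4 TO 'chenzx'@'192.168.56.12';
GRANT SELECT ON chenzx.test5 TO 'chenzx'@'localhost';

-- Audit view: which host pattern holds which table-level privilege.
SELECT User, Host, Db, Table_name, Table_priv
  FROM mysql.tables_priv
 WHERE User = 'chenzx'
 ORDER BY Table_name;
```

On Linux, `-h localhost` makes the mysql client use the Unix socket and ignore the port, so use `-h 127.0.0.1` when the TCP path is what is being tested.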
- Log in to the database through the port
Log in as the MySQL user (replace <ip> with the host address being tested):
$ mysql -u chenzx -p -P 3306 -h <ip>
- Query the user information
mysql> SELECT USER();
- Query the table information
mysql> SELECT * FROM chenzx.test1;
mysql> SELECT * FROM chenzx.test2;
mysql> SELECT * FROM chenzx.test3;
mysql> SELECT * FROM chenzx.test4;
mysql> SELECT * FROM chenzx.test5;
- Test result ("√" marks a table that can be accessed):
| Host | test1 | test2 | test3 | test4 | test5 |
|---|---|---|---|---|---|
| % | √ | | | | |
| 127.0.0.1 | √ | √ | | | |
| 192.168.56.% | √ | | √ | | |
| 192.168.56.12 | √ | | √ | √ | |
| localhost | √ | | | | √ |
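From the test results, MySQL's privileges have a containment relationship: a connection from a specific address can also access the tables granted to the broader host patterns that cover it. For example, 192.168.56.12 can read test1, test3 and test4. You can query the corresponding grant definitions with commands such as:
mysql> SHOW GRANTS FOR 'chenzx'@'192.168.56.12';
mysql> SHOW GRANTS FOR 'chenzx'@'192.168.56.%';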
Fourth, Summary:
MySQL is expected to be promoted even more widely. For those who operate and maintain MySQL, understanding the principle by which privileges are granted makes any such problem easy to handle.
Talking about MySQL privilege