MySQL 許可權管理的注意事項

 ㈠ 認證和授權

認證：who am I ？

授權：what I can do ？

認證實際上就是一個驗證憑證的過程、而進入MySQL 需要出示的憑證有：host、username、password

串連MySQL 常見有 2 種：

① TCP/IP 串連

加 -h 參數、通過TCP/IP 串連MySQL 執行個體、mysql.user 對來者進行認證

② Socket

-S 參數 、只能在 MySQL 用戶端和執行個體在同一台伺服器上使用

㈡ 預設有 2 個高危險使用者：

㈢ % 不是萬能的、至少無法替代 localhost、而 MySQL 預設卻是以 localhost登陸

mysql> grant all on *.* to 'david'@'%' identified by 'Oracle';
Query OK, 0 rows affected (0.05 sec)

[mysql@odd ~]$ mysql -udavid -poracle
ERROR 1045 (28000): Access denied for user 'david'@'localhost' (using password: YES)
[mysql@odd ~]$ mysql -udavid -poracle -h 127.0.0.1
ERROR 1045 (28000): Access denied for user 'david'@'localhost' (using password: YES)

mysql> grant all on *.* to 'david'@'localhost' identified by 'oracle';
Query OK, 0 rows affected (0.01 sec)

[mysql@odd ~]$ mysql -udavid -poracle
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.5.16-log Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

1 2 下一頁