加 -h 參數、通過TCP/IP 串連MySQL 執行個體、mysql.user 對來者進行認證
顯然、對於TCP/IP 這種請求、MySQL 是要求您出示憑證的
② Socket
-S 參數 、只能在 MySQL 用戶端和執行個體在同一台伺服器上使用
㈡ 預設有 2 個高危險使用者:
㈢ % 不是萬能的、至少無法替代 localhost、而 MySQL 預設卻是以 localhost登陸
mysql> grant all on *.* to 'david'@'%' identified by 'oracle';Query OK, 0 rows affected (0.05 sec)[mysql@odd ~]$ mysql -udavid -poracleERROR 1045 (28000): Access denied for user 'david'@'localhost' (using password: YES)[mysql@odd ~]$ mysql -udavid -poracle -h 127.0.0.1ERROR 1045 (28000): Access denied for user 'david'@'localhost' (using password: YES)mysql> grant all on *.* to 'david'@'localhost' identified by 'oracle';Query OK, 0 rows affected (0.01 sec)[mysql@odd ~]$ mysql -udavid -poracleWelcome to the MySQL monitor. Commands end with ; or \g.Your MySQL connection id is 9Server version: 5.5.16-log Source distributionCopyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respectiveowners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
㈣ 什麼時候使用 FLUSH PRIVILEGES
先認清 2 個事實:
● MySQL 許可權庫 mysql 永駐記憶體
● FLUSH PRIVILEGES會強行重新整理記憶體中的許可權資訊
要做:
直接對mysql 下的grant tables 進行DML、要做!
不做:
grant、revoke、create user、drop user 、不做!
㈤ 許可權等級的那些事兒
⑴ 許可權等級及文法規則
2 點補充:
① GRANT ALL 可授予某個Level 的所有可用許可權
② WITH GRANT OPTION 子句可級聯授權
⑵ 生效時間
Global Level 或 Database Level 許可權變更後、需先 KILL 重串連
Table Level 或 Column Level 變更立即生效
⑶ 校正順序
⑷ 對應的 grant tables
Globa Level ←●→ mysql.user
Database Level ←●→ mysql.db
Table Level ←●→ mysql.table_priv
Column Level ←●→ mysql.column_priv
By David lin
2013-05-31
Good Luck
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
