Article Directory
foreword
In the use of mysql, it is unavoidable to use our own database for others. In order to use it safely, we do not want the other party to see too many databases, or reduce the damage it may cause to our database, and give him some permissions. How to ensure the security of our database?
1. Determine whether it is a local connection or a remote connection
Relatively speaking, this kind of situation is generally a remote link, for others to use~
- local connection localhost
- Remote connection % or specific ip for others
2. Create steps
Need to log in as an advanced user (can assign permissions, create users, etc.)
1. Create it natively
Create user
Assign permissions
Refresh permissions
View created users and permissions
-- 创建一个用户名密码为 test test 的用户
CREATE USER 'test'@'localhost' IDENTIFIED BY 'test';
-- 赋予这个用户 的数据库为ry (ry)所有表(.*),所有权限(ALL PRIVILEGES)
GRANT ALL ON ry.* TO 'test'@'localhost';
-- 刷新权限
FLUSH PRIVILEGES;
-- 查看用户 test 的信息以及权限
show grants for 'test'@'localhost';
2. Create users for other hosts
You can still use test with the same name, or create a new user name
-- 创建一个用户名密码为 test test 的用户
CREATE USER 'test'@'%' IDENTIFIED BY 'test';
-- 赋予这个用户 的数据库为ry (ry)所有表(.*),所有权限(ALL PRIVILEGES)
GRANT ALL ON ry.* TO 'test'@'%';
-- 刷新权限
FLUSH PRIVILEGES;
-- 查看用户 test 的信息以及权限
show grants for 'test'@'%';
3. Delete user
In the above operation, we actually created two users, although the user names are the same
- Local user test ('test'@'localhost')
- remote user test ('test'@'%')
-- 删除本地用户test
DROP USER 'test'@'localhost';
-- 删除远程用户test
DROP USER 'test'@'%';
Summarize
Replenish:
- Grant means authorization:
GRANT privileges ON databasename.tablename TO 'username'@'host'Explanation: privileges: the user's operation authority, such as SELECT, INSERT, UPDATE, etc., if you want to grant all the permissions, use ALL
databasename: database name tablename: table name, if you want to grant the user the corresponding operation authority on all databases and tables then Available representation, such as .*
'username' username
'host' ip address, optional value: localhost, specific ip, no limit% - User password modification
SET PASSWORD FOR 'username'@'host' = PASSWORD('newpassword');Description: 'host' The specific user attribution to be changed, which is consistent with the optional value of authorization.
username newpassword are the user name to be changed and the new password respectively