Database Experiment 4: Data Security and Integrity

Experiment 4 Database Security and Integrity

1. Purpose

1. Deepen your understanding of database security and integrity;

2. Learn to grant and revoke permissions;

4. Understand and appreciate the role of database entity integrity, referential integrity, and user-defined integrity constraints.

2. Experimental content

Grant and revoke permissions on each of the established tables for the users. After each operation, check that the authorized user actually has the granted data operation privilege, and that a user whose privilege has been revoked has indeed lost it.

Define various integrity constraints and then enter various data to verify the effect of the constraints.

1. Set the query permission of user a on the SPJ table. Log in as a and verify a's permissions.

experiment procedure:

(1) First create a user with the password "password":

CREATE USER 'a' IDENTIFIED WITH mysql_native_password BY 'password';

       (2) Verify a’s permissions before authorizing:

                Log in:

 

Run the query statement:

SELECT sno
FROM spj;

It was found that there is no access permission to the database:

(3) Then authorize:

GRANT SELECT
ON spj
TO a;

       (4) Log in to verify the permissions of a:

SELECT sno
FROM spj;

               

 

Experimental results:

create:

 

Authorization:

 

Result analysis:

When creating the user, create 'a'@'%' rather than 'a'@host; otherwise the authorization will not be possible.

2. Set user b to have modification permissions on table S and table P, and require that b can grant this permission to another user c. Log in as b and c respectively, and verify the permissions of b and c.

experiment procedure:

(1) Create user b with the password “bpassword”:

CREATE USER 'b' IDENTIFIED WITH mysql_native_password BY 'bpassword';

(2) Create user c with the password "cpassword":

CREATE USER 'c' IDENTIFIED WITH mysql_native_password BY 'cpassword';

(3) Authorize (grant both query and modification permissions; granting only the modification permission is not enough):

GRANT SELECT
ON s
TO b;

GRANT UPDATE
ON s
TO b
WITH GRANT OPTION;

GRANT SELECT
ON p
TO b;

GRANT UPDATE
ON p
TO b
WITH GRANT OPTION;

 

       (4) Log in as user b and verify permissions:

               

 

(5) Log in as b and change the SNAME of s5 in the s table to "for the people" and the city to "Beijing"

UPDATE s
SET SNAME='为人民',CITY='北京'
WHERE sno='S1';

 

(6) Change p1 in the p table to screw and the color to red

UPDATE p
SET PNAME='螺丝',COLOR='红'
WHERE pno='p1';

     

 

(7) Log in as b and grant c the query and modification permissions on tables s and p.

GRANT SELECT
ON s
TO c;

GRANT UPDATE
ON s
TO c;

GRANT SELECT
ON p
TO c;

GRANT UPDATE
ON p
TO c;

 

(8) Log in as c, change the SNAME of s5 in the s table to "for the people", and change the city to "Shanghai"

UPDATE s
SET SNAME='为民',CITY='上海'
WHERE sno='S1';

(9) Change p1 in the p table to nut and the color to blue

UPDATE p
SET PNAME='螺母',COLOR='蓝'
WHERE pno='p1';

 

Experimental results:

As shown above.

Result analysis:

When granting the UPDATE permission to a user, remember to grant the SELECT permission at the same time. Without SELECT, the UPDATE statements cannot be executed.

3. Revoke the permissions of users a and b, and verify the permissions of user c.

experiment procedure:

(1) Withdraw a's query permission on the spj table:

REVOKE SELECT
ON spj
FROM a;

(2) Withdraw b's permission to change tables s and p:

REVOKE UPDATE
ON s
FROM b;

REVOKE UPDATE
ON p
FROM b;

(3) Verify whether user c still has the permission to change the s and p tables:

Log in as c:

Change the SNAME of s5 in the s table to "Weiguo" and the city to "Guangzhou"

UPDATE s
SET SNAME='为国',CITY='广州'
WHERE sno='S1';

Change p1 in the p table to screw and the color to green

UPDATE p
SET PNAME='螺丝',COLOR='绿'
WHERE pno='p1';

Experimental results:

       (1) Withdraw a’s query permission on the spj table:

 

       (2) Withdraw b’s permission to change tables s and p:

 

 

       (3) Verify whether user c still has the permission to change the s and p tables:

         

 

 

 

Result analysis:

Only b's permissions were revoked; the permissions that b had granted to c were not revoked, which shows that MySQL does not perform cascading revocation.
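
Because the revocation does not cascade, the privileges that b passed on, and b's remaining grant option, have to be found and removed explicitly. The following cleanup is an added example, not part of the original experiment; it assumes an administrative account that can read the mysql schema and that the experiment database is the current default database.

```sql
-- Added example: clean up after a non-cascading REVOKE (MySQL 8.0).
-- Assumption: run as an administrative account, with the experiment
-- database selected via USE.

-- 1. List the table privileges that were handed out by b.
--    mysql.tables_priv records the granting account in the Grantor
--    column in the form 'user@host'.
SELECT User, Host, Db, Table_name, Table_priv, Grantor
FROM mysql.tables_priv
WHERE Grantor LIKE 'b@%';

-- 2. REVOKE UPDATE removed only the UPDATE privilege from b.
--    GRANT OPTION is a separate privilege at the table level and is
--    still held, so b could keep passing on the SELECT privilege it
--    retains. Remove it as well.
REVOKE GRANT OPTION ON s FROM b;
REVOKE GRANT OPTION ON p FROM b;

-- 3. Revoke what b passed on to c.
REVOKE SELECT, UPDATE ON s FROM c;
REVOKE SELECT, UPDATE ON p FROM c;

-- 4. Confirm the result: b should show SELECT only, without
--    WITH GRANT OPTION, and c should have no rows left for s and p.
SHOW GRANTS FOR b;
SHOW GRANTS FOR c;
SELECT User, Host, Table_name, Table_priv, Grantor
FROM mysql.tables_priv
WHERE User IN ('b', 'c');
```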

4. For the table created in Experiment 1 , use the graphical user interface to establish foreign key relationships and verify the function of the foreign keys.

experiment procedure:

(1) Right click----Design table----Foreign key----Create foreign key

 

 

(2) Verify the function of the foreign key: (Insert a piece of data that violates the foreign key constraints in the spj table)

Insert ('S8','P1','J9',200) into the spj table:

INSERT INTO spj VALUES('S8','P1','J9',300);

Experimental results:

 

Result analysis:

The highest supplier number in the s table is S6, the highest part number in the p table is P6, and the highest project number in the j table is J7. The inserted row refers to S8 and J9, which do not exist, so it violates the foreign key constraints and an error is reported.

5. For the table created in Experiment 1, set the constraints that the color of the parts must be one of the seven colors red, orange, yellow, green, cyan, blue, and purple, and that the weight of the parts cannot exceed 50, and name these two constraints with the full spelling of your own name (xiaoming).

experiment procedure:

(1) Add constraints:

ALTER TABLE p
ADD CONSTRAINT xiaoming CHECK(COLOR in ('红','橙','黄','绿','青','蓝','紫') and WEIGHT<=50);

(2) Verify that the constraint works: change the color of P1 in the p table from "green" to '赤', a character for red that is not in the allowed list

UPDATE p
SET color='赤'
WHERE pno='P1';

Experimental results:

(1) Add constraints:

(2) Verify that the constraint works: change the color of P1 in the p table from "green" to '赤'

 

Result analysis:

To verify the constraint, the color of P1 in the p table is changed from "green" to '赤'. The statement fails with an error that names the xiaoming constraint, so the data cannot be changed.
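
The task asks for two named constraints, while the statement above folds both conditions into the single constraint xiaoming, so an error does not say which rule failed. The following added example (not part of the original experiment) splits them; the names xiaoming_color and xiaoming_weight are hypothetical, chosen because one schema cannot hold two CHECK constraints with the same name, and MySQL 8.0.19 or later is assumed for DROP CONSTRAINT.

```sql
-- Added example: one named CHECK constraint per rule on table p.
-- Assumption: the combined constraint xiaoming from step (1) exists.
ALTER TABLE p DROP CONSTRAINT xiaoming;

-- ALTER TABLE validates the existing rows; it fails if any row already
-- breaks one of the new rules.
ALTER TABLE p
  ADD CONSTRAINT xiaoming_color
      CHECK (COLOR IN ('红','橙','黄','绿','青','蓝','紫')),
  ADD CONSTRAINT xiaoming_weight
      CHECK (WEIGHT <= 50);

-- List the CHECK constraints of the current database and whether they
-- are enforced.
SELECT tc.TABLE_NAME, cc.CONSTRAINT_NAME, cc.CHECK_CLAUSE, tc.ENFORCED
FROM information_schema.CHECK_CONSTRAINTS AS cc
JOIN information_schema.TABLE_CONSTRAINTS AS tc
  ON tc.CONSTRAINT_SCHEMA = cc.CONSTRAINT_SCHEMA
 AND tc.CONSTRAINT_NAME   = cc.CONSTRAINT_NAME
WHERE cc.CONSTRAINT_SCHEMA = DATABASE()
  AND tc.CONSTRAINT_TYPE   = 'CHECK';

-- Each rule is now rejected under its own name
-- (ERROR 3819: Check constraint '...' is violated).
UPDATE p SET COLOR = '赤' WHERE PNO = 'P1';   -- fails on xiaoming_color
UPDATE p SET WEIGHT = 51  WHERE PNO = 'P1';   -- fails on xiaoming_weight

-- A CHECK rejects a row only when its condition is FALSE. A NULL color
-- makes the IN test UNKNOWN, so a row such as ('P7','轮胎',NULL,20)
-- is accepted by xiaoming_color.
```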

 

6. Set the number of supplied parts in the SPJ table to not exceed 1,000

experiment procedure:

       (1) Add constraints:

ALTER TABLE spj
ADD CHECK(QTY<=1000);

(2) Modify the QTY of the first row in the spj table to 1200

UPDATE spj
SET QTY=1200
WHERE sno='S1' AND pno='P1' AND jno='J4';

Experimental results:

(1) Add constraints:

 

(2) Modify the QTY of the first row in the spj table to 1200

 

Result analysis:

Due to the existence of constraints, the data cannot be modified to a number greater than 1000.

 

7. Set the supplier number in the S table to start with the letter 'S'

experiment procedure:

ALTER TABLE s
add CHECK(sno like 's%');

Experimental results:

 

Result analysis:

The constraint CHECK(sno like 's%') is created.

8. Verify the entity integrity of each table.

experiment procedure:

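-- Verify the entity integrity of the s table
-- (1) Insert a normal row into the s table
INSERT INTO s VALUES('S7','红旗',10,'济南');
-- (2) Insert a duplicate row into the s table
INSERT INTO s VALUES('S7','群众',10,'青岛');
-- (3) Insert a row with an empty key value into the s table
INSERT INTO s VALUES('','创新',10,'广州');

-- Verify the entity integrity of the p table
-- (1) Insert a normal row into the p table
INSERT INTO p VALUES('P7','轮胎',null,20);
-- (2) Insert a duplicate row into the p table
INSERT INTO p VALUES('P7','轮胎',null,20);
-- (3) Insert a row with an empty key value into the p table
INSERT INTO p VALUES(NULL,'钉子',null,5);

-- Verify the entity integrity of the j table
-- (1) Insert a normal row into the j table
INSERT INTO j VALUES('J8','造车厂','上海');
-- (2) Insert a duplicate row into the j table
INSERT INTO j VALUES('J8','造车厂','上海');
-- (3) Insert a row with an empty key value into the j table
INSERT INTO j VALUES(NULL,'轮胎厂','南京');

-- Verify the entity integrity of the spj table
-- (1) Insert a normal row into the spj table
INSERT INTO spj VALUES('S7','P6','J7',300);
-- (2) Insert a duplicate row into the spj table
INSERT INTO spj VALUES('S7','P6','J7',300);
-- (3) Insert a row with an empty key value into the spj table
INSERT INTO spj VALUES('S7',NULL,'J7',300);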

Experimental results:

--Verify the entity integrity of the s table

-- (1) Insert a piece of normal data into the s table ('S7', 'Red Flag', 10, 'Jinan')

 

-- (2) Insert a repeated piece of data into the s table ('S7','Mass',10,'Qingdao')

 

-- (3) Insert an empty piece of data into the s table ('','Innovation',10,'Guangzhou')

 

--Verify the entity integrity of the p table

-- (1) Insert a piece of normal data into the p table ('P7', 'Tire', null, 20)

 

-- (2) Insert a duplicate data ('P7','Tire',null,20) into the p table

 

-- (3) Insert an empty piece of data (NULL,'Nail',null,5) into the p table

 

--Verify the entity integrity of j table

-- (1) Insert a normal piece of data into table j ('J8', 'car manufacturer', 'Shanghai')

 

-- (2) Insert a duplicate data into table j ('J8', 'car manufacturer', 'Shanghai')

 

-- (3) Insert an empty data (NULL,'tire factory','Nanjing') into table j

 

--Verify the entity integrity of the spj table

-- (1) Insert a normal data ('S7', 'P6', 'J7', 300) into the spj table

 

-- (2) Insert a duplicate data ('S7','P6','J7',300) into the spj table

 

-- (3) Insert an empty piece of data ('S7', NULL, 'J7', 300) into the spj table

 

Result analysis:

Because of the integrity constraints defined when the s, p, and j tables were created, duplicate rows cannot be inserted, and rows with a null primary key cannot be inserted. The statements above verify these integrity constraints.

 

 

3. Experiment summary

   Question 1: When creating a user, do not create [username]@host, otherwise an error will be reported when executing the authorization statement.

 

Create [username]@% to perform authorization. % means that any client can connect. localhost means that only the local computer can connect.

Question 2: After granting user b the permission to modify the s and p tables, executing the update statement after logging in as b reports an error:

 

The reason is that the select permission is not granted to b, resulting in the inability to update.

Question 3: When checking the permissions of a certain user, you can run the following MySQL statement (take querying user a as an example):

(1)

show grants for a;

 

(2)

SELECT * FROM mysql.tables_priv WHERE User='a';

 

Summary: MySQL syntax involved in this experiment:

-- Create user u1 with the password "password":
CREATE USER 'u1' IDENTIFIED WITH mysql_native_password BY 'password';

-- Drop user u1:
drop user 'u1';

-- Grant privileges to user u1:
GRANT [privilege] ON [table name] TO u1;

-- View u1's privileges:
show grants for u1; SELECT * FROM mysql.tables_priv WHERE User='u1';

-- Revoke u1's privileges:
REVOKE [privilege] on [table name] FROM u1;

-- Add a constraint:
ALTER TABLE [table name] ADD CONSTRAINT [constraint name] CHECK ([condition]);

-- Drop a constraint:
ALTER TABLE [table name] DROP CONSTRAINT [constraint name];


Origin blog.csdn.net/pzcxl/article/details/130312726