Chapter 8 Creating Your Web Database
- Setting up your path
- Running mysql_install_db, if required
- Setting the root password
- Deleting the anonymous user and the test database
- Starting the MySQL server and setting it up to run automatically
If you’ve done all those things, you can go right ahead and read this chapter. If you haven’t, you can find instructions on how to do these things in Appendix A, “Installing PHP 4 and MySQL.”
If you have problems at any point in this chapter, it might be because your MySQL system is not set up correctly. If that happens, refer back to this list and Appendix A to make sure that your setup is correct.
- Have access to MySQL on a machine that you do not administer, such as a Web hosting service, a machine at your workplace, and so on.
If this is the case, in order to work through the examples or to create your own database, you’ll need to have your administrator set up a user and database for you to work with and tell you the username, password, and database name they have assigned to you.
You can either skip the sections of this chapter that explain how to set up users and databases or read them in order to better explain what you need to your system administrator. As a normal user, you won’t be able to execute the commands to create users and databases.
The examples in this chapter were all built and tested with MySQL version 3.23.52. Some earlier versions of MySQL have less functionality. You should install or upgrade to the most current stable release at the time of reading. You can download the current release from the MySQL site at http://mysql.com.
A Note on Using the MySQL Monitor
You will notice that the MySQL examples in this chapter and the next end each command with a semicolon (;). This tells MySQL to execute the command. If you leave off the semicolon, nothing will happen. This is a common problem for new users.
This also means that you can have new lines in the middle of a command. We have used this to make the examples easier to read. You will see where we have done this because MySQL provides a continuation symbol. It’s an arrow that looks like this:
mysql> grant select
    ->
This means MySQL is expecting more input. Until you type the semicolon, you will get these characters each time you press Enter.
Another point to note is that SQL statements are not case sensitive, but database and table names can be—more on this later.
How to Log in to MySQL
To do this, go to a command line interface on your machine and type the following:
mysql -h hostname -u username -p
Your command prompt might look different depending on the operating system and shell you are using.
The mysql command invokes the MySQL monitor. This is a command line client that connects you to the MySQL server.
The -h switch is used to specify the host to which you want to connect; that is, the machine on which the MySQL server is running. If you’re running this command on the same machine as the MySQL server, you can leave out this switch and the hostname parameter. If not, you should replace the hostname parameter with the name of the machine where the MySQL server is running.
The -u switch is used to specify the username you want to connect as. If you do not specify, the default will be the username you are logged into the operating system as.
If you have installed MySQL on your own machine or server, you will need to log in as root and create the database we’ll use in this section. Assuming that you have a clean install, root is the only user you’ll have to begin with.
If you are using MySQL on a machine administered by somebody else, use the username they gave you.
The -p switch tells the server you want to connect using a password. You can leave it out if a password has not been set for the user you are logging in as.
If you are logging in as root and have not set a password for root, I strongly recommend that you visit Appendix A and do so right now. Without a root password, your system is insecure.
You don’t need to include the password on this line. The MySQL server will ask you for it. In fact, it’s better if you don’t. If you enter the password on the command line, it will appear as plain text on the screen, and will be quite simple for other users to discover.
After you have entered the previous command, you should get a response something like this:
Enter password: ****
(If this hasn’t worked, verify that the MySQL server is running, and the mysql command is somewhere in your path.) You should enter your password. If all goes well, you should see a response something like this:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5 to server version: 3.23.52-nt
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql>
On your own machine: If you don’t get a response similar to this, make sure that you have run mysql_install_db if required, you have set the root password, and you’ve typed it in correctly.
If it isn’t your machine, make sure that you typed in the password correctly.
You should now be at a MySQL command prompt, ready to create the database.
If you are using your own machine, follow the guidelines in the next section.
If you are using somebody else’s machine, this should already have been done for you. You can jump ahead to the “Using the Right Database” section. You might want to read the intervening sections for general background, but you won’t be able to run the commands specified there. (Or at least you shouldn’t be able to!)
Creating Databases and Users
The MySQL database system can support many different databases. You will generally have one database per application. In our Book-O-Rama example, the database will be called books.
Creating the Database
This is the easiest part. At the MySQL command prompt, type
mysql> create database dbname;
You should substitute the name of the database you want to create for dbname. To begin creating the Book-O-Rama example, you can create a database called books.
That’s it. You should see a response like
Query OK, 1 row affected (0.06 sec)
This means everything has worked. If you don’t get this response, make sure that you typed the semicolon at the end of the line. A semicolon tells MySQL that you are finished, and it should actually execute the command.
Users and Privileges
A MySQL system can have many users. The root user should generally be used for administration purposes only, for security reasons. For each user who needs to use the system, you will need to set up an account and password. These do not need to be the same as usernames and passwords outside of MySQL (for example, UNIX or NT usernames and passwords). The same principle applies to root. It is a good idea to have different passwords for the system and for MySQL, especially when it comes to the root password.
It isn’t compulsory to set up passwords for users, but we strongly recommend that you set up passwords for all the users that you create.
For the purposes of setting up a Web database, it’s a good idea to set up at least one user per Web application.
You might ask, “Why would I want to do this?”—the answer lies in privileges.
Introduction to MySQL’s Privilege System
One of the best features of MySQL is that it supports a sophisticated privilege system.
A privilege is the right to perform a particular action on a particular object, and is associated with a particular user. The concept is very similar to file permissions.
When you create a user within MySQL, you grant her a set of privileges to specify what she can and cannot do within the system.
Principle of Least Privilege
The principle of least privilege can be used to improve the security of any computer system. It’s a basic, but very important principle that is often overlooked. The principle is as follows:
A user (or process) should have the lowest level of privilege required in order to perform his assigned task.
It applies in MySQL as it does elsewhere. For example, to run queries from the Web, a user does not need all the privileges to which root has access. We should therefore create another user who only has the necessary privileges to access the database we have just created.
Setting Up Users: The GRANT Command
The GRANT and REVOKE commands are used to give and take away rights to and from MySQL users at four levels of privilege. These levels are
- Global
- Database
- Table
- Column
We’ll see in a moment how each of these can be applied.
The GRANT command is used to create users and give them privileges. The general form of the GRANT command is
GRANT privileges [columns]
ON item
TO user_name [IDENTIFIED BY 'password']
[WITH GRANT OPTION]
The clauses in square brackets are optional. There are a number of placeholders in this syntax.
The first, privileges, should be a comma-separated list of privileges. MySQL has a defined set of these. They are described in the next section.
The columns placeholder is optional. You can use it to specify privileges on a column-by-column basis. You can use a single column name or a comma-separated list of column names.
The item placeholder is the database or table to which the new privileges apply. You can grant privileges on all the databases by specifying *.* as the item. This is called granting global privileges. You can also do this by specifying * alone if you are not using any particular database.
More commonly, you will specify all tables in a database as dbname.*, on a single table as dbname.tablename, or on specific columns by specifying dbname.tablename and some specific columns in the columns placeholder. These represent the three other levels of privilege available: database, table, and column, respectively. If you are using a specific database when you issue this command, tablename on its own will be interpreted as a table in the current database.
The user_name should be the name you want the user to log in as in MySQL. Remember that it does not have to be the same as a system login name. The user_name in MySQL can also contain a hostname. You can use this to differentiate between, say, laura (interpreted as laura@localhost) and laura@somewhere.com. This is quite useful because users from different domains often have the same name. It also increases security because you can specify where users can connect from, and even which tables or databases they can access from a particular location.
The password should be the password you want the user to log in with. The usual rules for selecting passwords apply. We will talk more about security later, but a password should not be easily guessable. This means that a password should not be a dictionary word or the same as the username. Ideally, it will contain a mixture of upper- and lowercase and nonalphabetic characters.
The WITH GRANT OPTION option, if specified, allows the specified user to grant her own privileges to others.
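The general form above applied to the books database at the database, table, and column levels, with the global grant a Web application should not receive shown for contrast. This is an added example, not code from the book; the account names, the password placeholders, and the customers and orders tables with their columns are assumptions. It uses the GRANT ... IDENTIFIED BY form this chapter describes for MySQL 3.23; MySQL 8.0 no longer accepts IDENTIFIED BY in GRANT, so there the accounts are created first with CREATE USER.

```sql
-- Added example. Account names, passwords, and the customers and orders
-- tables with their columns are assumptions for illustration.
CREATE DATABASE IF NOT EXISTS books;
CREATE TABLE IF NOT EXISTS books.customers (
  customerid INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  name       CHAR(50) NOT NULL,
  address    CHAR(100) NOT NULL,
  city       CHAR(30) NOT NULL
);
CREATE TABLE IF NOT EXISTS books.orders (
  orderid    INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  customerid INT UNSIGNED NOT NULL,
  amount     DECIMAL(8,2),
  orderdate  DATE NOT NULL
);

-- Weak, shown for contrast and left commented out: global level (*.*),
-- every privilege, and the right to pass them on to other accounts.
-- GRANT ALL ON *.* TO bookweb@localhost
--   IDENTIFIED BY 'placeholder' WITH GRANT OPTION;

-- Database level: the Web application's account can read and change rows
-- in books only, and only when connecting from localhost.
GRANT SELECT, INSERT, UPDATE, DELETE
ON books.*
TO bookweb@localhost IDENTIFIED BY 'replace-with-long-random-value-1';

-- Table level: a reporting account that can read one table and nothing else.
GRANT SELECT
ON books.orders
TO bookreport@localhost IDENTIFIED BY 'replace-with-long-random-value-2';

-- Column level: a support account that sees names and cities in customers
-- but not addresses.
GRANT SELECT (name, city)
ON books.customers
TO booksupport@localhost IDENTIFIED BY 'replace-with-long-random-value-3';

-- Narrow further once it is clear the application never deletes rows.
REVOKE DELETE ON books.* FROM bookweb@localhost;

-- Confirm what each account now holds.
SHOW GRANTS FOR bookweb@localhost;
SHOW GRANTS FOR bookreport@localhost;
SHOW GRANTS FOR booksupport@localhost;
```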
Privileges are stored in four system tables, in the database called mysql. These four tables are called mysql.user, mysql.db, mysql.tables_priv, and mysql.columns_priv, and relate directly to the four levels of privilege mentioned earlier. As an alternative to GRANT, you can alter these tables directly. We will discuss this in more detail in Chapter 11, “Advanced MySQL.”
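A read-only audit of the four grant tables named above, one query per privilege level, plus a check for the anonymous and passwordless accounts that the setup checklist at the start of the chapter tells you to deal with. This is an added example, not from the book; it assumes an administrative login, and the Password column is the one used by the 3.23 series this chapter targets (from MySQL 5.7 the equivalent column is authentication_string).

```sql
-- Added example: read-only checks, run as an administrative user.

-- Setup checklist: anonymous accounts (empty User) and accounts with no
-- password. On a correctly set up server this returns no rows.
SELECT Host, User
FROM mysql.user
WHERE User = '' OR Password = '';

-- Global level (mysql.user): accounts holding a privilege on every
-- database. Only administrative accounts should appear here.
SELECT Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
       Drop_priv, File_priv, Grant_priv
FROM mysql.user
WHERE 'Y' IN (Select_priv, Insert_priv, Update_priv, Delete_priv,
              Drop_priv, File_priv, Grant_priv);

-- Database level (mysql.db): one row per account per database.
-- Grant_priv = 'Y' marks accounts created WITH GRANT OPTION.
SELECT Host, Db, User, Select_priv, Insert_priv, Update_priv,
       Delete_priv, Grant_priv
FROM mysql.db
ORDER BY Db, User;

-- Table level (mysql.tables_priv): Table_priv lists rights on the whole
-- table; Column_priv lists rights that exist only on some columns.
SELECT Host, Db, User, Table_name, Table_priv, Column_priv
FROM mysql.tables_priv
ORDER BY Db, Table_name, User;

-- Column level (mysql.columns_priv): one row per granted column.
SELECT Host, Db, User, Table_name, Column_name, Column_priv
FROM mysql.columns_priv
ORDER BY Db, Table_name, Column_name, User;
```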
Types and Levels of Privilege
Three basic types of privileges exist in MySQL: privileges suitable for granting to regular users, privileges suitable for administrators, and a couple of special privileges. Any user can be granted any of these privileges, but it’s usually sensible to restrict the administrator-type ones to administrators, according to the principle of least privilege.