In Chapter 11, "Managing User Privileges," we discussed user account creation, granting and revoking privileges, and the grant tables. We will begin this chapter by discussing how your MySQL server applies the privileges you have granted.
There are two stages to the privilege system. In the first stage, MySQL checks whether a user is allowed to connect to the server at all. The user table in the mysql database is used for this purpose. MySQL looks up the username and password as entered and the host from which you are trying to connect to see whether there is a matching row. If no row matches, you will not be able to connect to the server.
Because the user table supports wildcards in the host column, a user/hostname combination may match more than one row. MySQL determines which row is relevant by matching the most specific hostname first. For example, if there are rows in the table for user test from host localhost and user test from host % (meaning any host), then the localhost row will be selected. Note that these two rows can have different passwords. This can cause a great deal of confusion. (We will look at an example of this in the section "Deleting Anonymous Accounts," later in this chapter.)
The second stage applies when you try to execute specific queries or commands. MySQL checks each query against the grant tables before it is executed.
If the query you are trying to execute requires a global privilege, such as doing a LOAD DATA INFILE or trying to use SHOW PROCESSLIST, the user table will be checked. For database-specific queries, the user table will be checked first. If the user has the privilege on all databases, this will be sufficient. If not, then the db and host tables are checked. If the user does not have the privilege at this level, then if any table- or column-level privileges are set, these will be checked last.
One of MySQL's strengths is its advanced user privilege system.
In this chapter, we'll discuss user account creation, the different privileges available, and how these privileges are represented within MySQL tables. We'll cover the following:
Creating user accounts with GRANT and REVOKE
Privilege levels
Understanding the privilege tables
MySQL creates some anonymous accounts that require no username to log in. We recommend that you delete these. The reasons behind this are covered in detail in Chapter 15, "Securing Your MySQL Installation," in the section "Deleting Anonymous Accounts." You can get rid of these accounts by typing this:
use mysql;
delete from user where User='';
delete from db where User='';
flush privileges;
Securing Your MySQL Installation
In this chapter we'll discuss general security issues you should consider when running MySQL. Although we cannot be comprehensive in the space of a single chapter, we will give you a list of the most important don'ts. We will cover the following:
How the privilege system works in practice
Securing accounts
Securing your installation files
Filtering user data
Other tips
There are a few general security principles that apply to the management of user accounts in MySQL. We will look at these next.
Setting the Password for the Root Account
When you install MySQL, the root password is not set by default. You absolutely must set this password before using MySQL in anything other than a purely experimental environment. Without the root password set, anyone can log in and do anything he wants to your data. In virtually all cases, this is a very bad thing. If you have not done so already, set this password immediately.
Deleting Anonymous Accounts
When you install MySQL on Windows, it automatically creates some accounts for you. On Linux, this happens when you run the mysql_install_db script. Two of these accounts are anonymous; they represent the account you get when you don't specify a username. One has a host value of localhost and the other % (any other host, so effectively any remote connection). These accounts have no passwords set by default.
You can probably already see where we're going with this, but we strongly recommend that you delete these accounts. You can do this as shown here:
delete from user where User='';
You will need to follow this with a FLUSH PRIVILEGES statement to flush the grant tables.
The second reason to do this is that these accounts can cause confusion when regular users try to log in. If you create an account for, let's say, username laura at any host (%), then when laura tries to connect from localhost, the MySQL server looks for matching entries in the user table. It has laura@% and (anonymous)@localhost. Because MySQL matches the most specific hostname first, the matching row is (anonymous)@localhost. Note that although laura has supplied a username, this doesn't matter! The anonymous accounts don't require a username. This anonymous account is likely to have a different password from laura's account (by default, the password is blank, meaning the user should not supply one). This means that when laura tries to log in with her username and password from localhost, she will get an Access Denied error for no obvious reason.
Again, the best way to avoid this problem is to delete these accounts and forget about them.
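The following is an added example, not from the book, that reproduces the first-stage host matching described at the start of the chapter and the laura@% shadowing problem above on a test server, then applies the fix. It assumes a MySQL 4.x/5.x-era mysql.user table (with a Password column) that still holds the default anonymous rows; 'laura', 'secret' and the test database are constructed sample values.

```sql
-- Added example: diagnose anonymous-account shadowing, then remove it.
-- Run as root on a throwaway server; 'laura'/'secret' are constructed.

-- 0. Accounts with a blank password: the anonymous rows appear here,
--    and so does root if its password was never set.
SELECT User, Host FROM mysql.user WHERE Password = '';

-- 1. Create the account the text describes: laura, reachable from any host.
GRANT SELECT ON test.* TO 'laura'@'%' IDENTIFIED BY 'secret';
FLUSH PRIVILEGES;

-- 2. Every user-table row that a client calling itself laura from
--    localhost could match. MySQL ranks a literal host ('localhost')
--    above the wildcard '%', so ''@'localhost' wins over 'laura'@'%'.
SELECT User, Host, Password <> '' AS has_password
  FROM mysql.user
 WHERE User IN ('', 'laura');

-- 3. From a shell on the server, connect as laura:
--      mysql -u laura -p test      (supplying 'secret'  -> Access Denied,
--                                   the matched row has a blank password)
--      mysql -u laura test         (no password         -> connects!)
--    Inside the second session, compare what the client claimed with the
--    row MySQL actually authenticated; the two differ when shadowed.
SELECT USER(), CURRENT_USER();

-- 4. The fix from the text: delete the anonymous rows and reload.
DELETE FROM mysql.user WHERE User = '';
DELETE FROM mysql.db   WHERE User = '';
FLUSH PRIVILEGES;

-- 5. Now `mysql -u laura -p test` authenticates against 'laura'@'%',
--    and USER() and CURRENT_USER() agree on the laura account.
SELECT USER(), CURRENT_USER();
```

In the shadowed session of step 3, USER() reports laura@localhost while CURRENT_USER() reports @localhost, which is how you confirm that the anonymous row matched rather than laura's own.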
Dangerous Privileges
MySQL has a very fine-grained privilege system, as we discussed in Chapter 11. You must be very careful about to whom you grant some of these privileges. The specific ones to be most careful of are FILE, PROCESS, and WITH GRANT OPTION.
The FILE privilege allows users to LOAD DATA INFILE. This can be manipulated to load in files from the server (such as the password file /etc/passwd) or even database data files, effectively circumventing the privilege system.
The PROCESS privilege allows users to SHOW PROCESSLIST. This reveals the queries being executed at any given time, which may reveal confidential information about one user to another.
The WITH GRANT OPTION privilege allows a user to share his privileges with others. As long as you know this and understand the consequences, you can grant this privilege cautiously.
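As an added example (not from the book), this is the audit a DBA would run to find out who currently holds the three privileges just discussed, followed by revoking them from an over-privileged account. It assumes the mysql.user columns File_priv, Process_priv and Grant_priv of MySQL 4.x/5.x; 'reporting'@'%' is a constructed sample account.

```sql
-- Added example: audit and revoke FILE, PROCESS and GRANT OPTION.
-- Run as root; 'reporting'@'%' is a constructed sample account.

-- 1. These are global privileges, so they live in mysql.user, one row
--    per account. List every account that holds at least one of them.
SELECT User, Host,
       File_priv    AS file_priv,      -- FILE: LOAD DATA INFILE from the server
       Process_priv AS process_priv,   -- PROCESS: SHOW PROCESSLIST
       Grant_priv   AS grant_priv      -- WITH GRANT OPTION: can re-grant
  FROM mysql.user
 WHERE File_priv = 'Y' OR Process_priv = 'Y' OR Grant_priv = 'Y'
 ORDER BY User, Host;

-- 2. A powerful privilege on a wildcard host is reachable from any
--    machine, so review those rows first.
SELECT User, Host
  FROM mysql.user
 WHERE Host = '%'
   AND (File_priv = 'Y' OR Process_priv = 'Y' OR Grant_priv = 'Y');

-- 3. SHOW GRANTS prints one account's privileges as GRANT statements,
--    the most readable form for deciding what it really needs.
SHOW GRANTS FOR 'reporting'@'%';

-- 4. Revoke what the account does not need. FILE and PROCESS exist
--    only at the global level, so they are revoked ON *.*; GRANT OPTION
--    is revoked the same way.
REVOKE FILE, PROCESS ON *.* FROM 'reporting'@'%';
REVOKE GRANT OPTION ON *.* FROM 'reporting'@'%';
FLUSH PRIVILEGES;

-- 5. Re-run the audit for that account; it should return no rows.
SELECT User, Host
  FROM mysql.user
 WHERE User = 'reporting'
   AND (File_priv = 'Y' OR Process_priv = 'Y' OR Grant_priv = 'Y');
```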
Passwords and Encryption
MySQL user passwords are encrypted. Before version 4.1, you could use the encrypted password as stored to log in. This has now been fixed, and the password and login mechanism have been made more secure.
If you are writing an application that stores (non-MySQL) usernames and passwords, we recommend that you use something other than the PASSWORD() function to encrypt them. We recommend use of MD5() or ENCRYPT() instead. See Chapter 8, "Using MySQL Built-In Functions with SELECT," for a further discussion of these functions.
Using MySQL Built-In Functions with SELECT
MySQL has a wide variety of built-in operators and functions that can be useful for writing queries. Most of these are for use in the SELECT and WHERE clauses. There are also some special grouping functions for use in the GROUP BY clause. We have already used the basic comparison operators and the count() and max() functions. A vast number of functions are available.
In this chapter, we take a tour of the most useful ones. This book is not trying to be a function reference by any means; we are just trying to give you a feel for the types of functionality available.
We will cover the following:
Operators
Control flow functions
String functions
Numeric functions
Date and time functions
Cast functions
Other functions
Functions for use with GROUP BY clauses
One important point to note is that, in MySQL, any expression containing NULL will evaluate to NULL, with a few exceptions we will note as we go along. We will discuss this further in the section on comparison operators.
In this chapter, we will make some use of the SELECT statement without any tables. We can use SELECT as a basic calculator. For example, if we type
select 2+2;
we will get the result
+-----+
| 2+2 |
+-----+
|   4 |
+-----+
1 row in set (0.42 sec)
We can execute any expression without tables and have access to a full range of math and other operators and functions.
Although the capability to execute 2+2 is trivial, the capability to do math at the SELECT level is not always so. For example, this lets you perform financial analysis of values in tables and display the results in a report.
In all MySQL expressions, you can use parentheses to control the order in which subexpressions are evaluated, as you would in any programming language.
We will begin by looking at the operators.