Learning Mysql



Download 4.24 Mb.
View original pdf
Page286/366
Date04.08.2023
Size4.24 Mb.
#61806
1   ...   282   283   284   285   286   287   288   289   ...   366
Learning MySQL
312 | Chapter 9:
Managing Users and Privileges

Suppose now that you want to allow toorak to access the MySQL server that’s running on ruttle
. There are several different ways to do this, some more flexible than others.
The simplest approach is to connect to the MySQL server on ruttle as the root user and grant privileges to anew user 'hugh'@'toorak.invyhome.com'
using the following statement:
mysql> GRANT ALL ONTO 'hugh'@'toorak.invyhome.com' IDENTIFIED BY 'the_password';
Query OK, 0 rows affected (0.00 sec)
You’ll now find that you can run a MySQL monitor on toorak and connect to ruttle using the following command mysql --user=hugh --host=ruttle.invyhome.com --password=the_password
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 52 to server version 5.0.22-standard-log
Type 'help' or 'h' for help. Type 'c' to clear the buffer.
mysql>
Using the IP addresses 192.168.1.2 for ruttle.invyhome.com and 192.168.1.4 for toorak.invyhome.com should work too, and it’s more secure, as IP addresses are harder to spoof than domain names.
Our approach so far has been to create new users for each IP address. We now have three users with the name hugh
, one each for the localhost
, 192.168.1.2, and. This isn’t always a good approach we now have to remember to maintain all three users and keep their privileges synchronized if we want the same access level from all three locations. However, it’s also flexible it allows you to differentiate between different remote users with the same username, or offer a flexible, customized security policy when a user connects from different locations.
Let’s consider other ways to allow the same user to connect from several locations. You can allow a user to connect from all computers on a network subnet by using one or more wildcards in the
GRANT
statement. Suppose you want to allow jill to connect from any of the machines in the domain invyhome.com
. You can do this with:
mysql> GRANT ALL ONTO 'jill'@'%.invyhome.com' IDENTIFIED BY 'the_password';
Query OK, 0 rows affected (0.01 sec)
As in the SQL
LIKE
clause, the wildcard character matches any string, and so this entry now matches any domain name with the suffix invyhome.com. The outcome is that connections as jill from ruttle.invyhome.com and toorak.invyhome.com are allowed;
jill can also connect from any other machine that joins the network.
You can also use wildcards in IP addresses. For example, you can allow connections from all machines on the invyhome.com subnet by allowing access to machines matching the IP address range To do this, run the following:

Download 4.24 Mb.

Share with your friends:
1   ...   282   283   284   285   286   287   288   289   ...   366




The database is protected by copyright ©ininet.org 2025
send message

    Main page