Learning MySQL



Date: 04.08.2023
330 | Chapter 9: Managing Users and Privileges

You can explicitly allow access to other specific users; for example, you can create an anonymous user and allow anonymous access from any host by typing:
mysql> GRANT USAGE ON *.* TO ''@'%';
Securing the Default Users
Now that you understand the default users and from which locations they can access the database server, let’s take steps to secure the users. We recommend that you do the following:
Always set a password for the root user
Choosing and setting a strong password for your administrator user is essential, except in the case where you’re the only user of a machine that is unconnected to a network and contains no valuable information.
Remove privileges for the test databases
Allowing any user to work with the test database and any database beginning with the string test is insecure.
Remove anonymous access
Unless you want anyone to be able to connect to your MySQL server, it’s better to allow access only by named users. We therefore recommend that you remove the anonymous users. If you understand and want anonymous access, read the next section, “Devising a User Security Policy,” to devise an appropriate access policy.
Remove remote access
Unless there’s a requirement for the server to allow client connections from other machines, it’s better to allow access from only the localhost. If you need remote access, read “Devising a User Security Policy” to devise an appropriate access policy.
To perform our recommended steps to secure your server, you need to log in to the monitor as the root user:
mysql --user=root --password=the_mysql_root_password
Having connected, set a password for the root user connecting from localhost:
mysql> SET PASSWORD FOR 'root'@'localhost' = password('the_mysql_root_password');
Query OK, 0 rows affected (0.22 sec)
If you’ve already set a password for the root user, this will update it. If you plan to keep other root users who can access the server from other hosts, make sure you add passwords for these, too. If you don’t plan to keep them, don’t worry; our later steps will remove them anyway.
To remove access to the test databases, type the following:
mysql> REVOKE ALL ON test.* FROM ''@'%';
Query OK, 0 rows affected (0.28 sec)
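The four recommendations above can be checked directly against the grant tables. The query below is an added example, not code from the book; it assumes a server generation where mysql.user still has a Password column (on MySQL 5.7 and later that column is authentication_string) and treats localhost, 127.0.0.1 and ::1 as the local hosts.

```sql
-- Added example: read-only audit of the grant tables against the four
-- recommendations (root password, test databases, anonymous, remote access).
-- Assumption: mysql.user has a Password column, as on the MySQL versions
-- where the PASSWORD() function used above exists.

-- 1. root accounts that still have an empty password
SELECT 'root without password' AS finding, User, Host, NULL AS Db
  FROM mysql.user
 WHERE User = 'root' AND Password = ''
UNION ALL
-- 2. anonymous accounts (empty user name)
SELECT 'anonymous account', User, Host, NULL
  FROM mysql.user
 WHERE User = ''
UNION ALL
-- 3. accounts that may connect from somewhere other than the local machine
SELECT 'remote access allowed', User, Host, NULL
  FROM mysql.user
 WHERE Host NOT IN ('localhost', '127.0.0.1', '::1')
UNION ALL
-- 4. database-level grants on test and on any database name starting with test
SELECT 'privileges on test database', User, Host, Db
  FROM mysql.db
 WHERE Db LIKE 'test%'
ORDER BY finding, User, Host;
```

Each returned row names an account or grant that one of the recommendations applies to; the query itself changes nothing, so it can be run before and after the hardening steps to compare.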
