zoukankan      html  css  js  c++  java

  • MySQL 8.0用户及安全管理

    用户的功能

    登录数据库
管理数据库对象

    用户的组成

    用户名@'白名单'

    白名单:

    %
10.0.0.10
10.0.0.%
10.0.0.5%
10.0.0.0/255.255.254.0
oldguo.com
db01
127.0.0.1
localhost   ----> socket

    用户的管理

    创建用户

    sha2 : 8.0新的特性
create user test@'localhost' identified by '123456';

native: 兼容老版本
create user test@'10.0.0.%' identified with mysql_native_password by '123456';
    mysql> select user,host,authentication_string,plugin from mysql.user where user='test';
+------+-----------+------------------------------------------------------------------------+-----------------------+
| user | host      | authentication_string                                                  | plugin                |
+------+-----------+------------------------------------------------------------------------+-----------------------+
| test | 10.0.0.%  | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9                              | mysql_native_password |
| test | localhost | $A$005$N]i!&l5mc<]LLWHVU6M3YoRDkeSbKtTpDAary4WGFMtmapVJxyNwnd0 | caching_sha2_password |
+------+-----------+------------------------------------------------------------------------+-----------------------+
2 rows in set (0.01 sec)

    删除用户

    mysql> drop user test@'10.0.0.%';
Query OK, 0 rows affected (0.00 sec)

    修改用户

    mysql> alter user test@'localhost' identified with mysql_native_password by '123';
Query OK, 0 rows affected (0.00 sec)

    由于加密插件导致无法登录

    1. 主从复制
    2. 高可用
    3. 老版本开发工具
    mysql>  create user test1@'%' identified  by '123456';
Query OK, 0 rows affected (0.00 sec)

    用户资源管理

    密码过期时间

    mysql> select @@default_password_lifetime;
+-----------------------------+
| @@default_password_lifetime |
+-----------------------------+
|                           0 |             默认:密码永不过期
+-----------------------------+
1 row in set (0.00 sec)

    设置密码时效

    # 设置密码有效期为180天
    mysql> SET PERSIST default_password_lifetime = 180; 
Query OK, 0 rows affected (0.00 sec)

mysql> select @@default_password_lifetime;
+-----------------------------+
| @@default_password_lifetime |
+-----------------------------+
|                         180 |
+-----------------------------+
1 row in set (0.00 sec)
    CREATE USER 'test'@'localhost' PASSWORD EXPIRE INTERVAL 90 DAY;
ALTER USER test@'localhost' PASSWORD EXPIRE INTERVAL 90 DAY;
CREATE USER 'test'@'localhost' PASSWORD EXPIRE NEVER;
ALTER USER 'test'@'localhost' PASSWORD EXPIRE NEVER;

    密码重用

     默认随意重复使用

    password_history=6             # 6次之内不能重复使用此密码
password_reuse_interval=365     # 365天之内不能重复使用此密码

    用户的锁定与解锁

    ALTER USER 'app_dev'@'localhost' ACCOUNT LOCK;
ALTER USER 'app_dev'@'localhost' ACCOUNT UNLOCK;

    权限管理

    权限列表

    mysql> show privileges;
常用权限:
Alter                   
Alter routine           
Create                  
Create routine          
Create role             
Create temporary tables 
Create view             
Create user             
Delete                  
Drop                    
Drop role               
Event                   
Execute                 
File                    
Grant option            
Index                   
Insert                  
Lock tables             
Process                 
Proxy                   
References              
Reload                  
Replication client      
Replication slave       
Select                  
Show databases          
Show view               
Shutdown                
Super                   
Trigger                 
Create tablespace       
Update

    授权

    8.0版本不能授权和设置密码一起写,多次授权同一用户是叠加权限而不是覆盖

    mysql> grant all on *.* to zh@'localhost';

    查看权限

    mysql> show grants for zh@'localhost' ;
+----------------------------------------+
| Grants for zh@localhost                |
+----------------------------------------+
| GRANT USAGE ON *.* TO `zh`@`localhost` |         ##Usage表示只有连接库权限
+----------------------------------------+
1 row in set (0.00 sec)

    对某一列授权

     回收权限

    mysql> revoke delete on *.* from zh@'localhost';
Query OK, 0 rows affected (0.01 sec)

mysql> revoke select(id) on test.account from user1@'10.0.0.%';
Query OK, 0 rows affected (0.00 sec)

    基于role的创建和授权

     查看所有role

    生产中的用户类型权限规范

    管理员 : ALL
开发   : Create ,Create routine,Create temporary tables,Create view,Delete ,Event ,Execute,Insert ,References,Select,Show databases ,Show view ,Trigger,Update 
监控  : select , replication slave , client  supper
备份  : ALL
主从  : replication slave 
业务  : insert , update , delete ,select 
  • 相关阅读:
    Delphi 7下使用VT实现树型列表结合控件
    Spring:源码解读Spring IOC原理
    【HTTP】Fiddler(二)
    简单工厂模式、工厂方法模式、抽象工厂模式 之间的对比
    UML类图关系(泛化 、继承、实现、依赖、关联、聚合、组合)
    Tomcat 的context.xml
    Tomcat的context.xml说明、Context标签讲解
    Node.js
    区块链架构设计
    什么是区块链
  • 原文地址:https://www.cnblogs.com/zh-dream/p/12945295.html
Copyright © 2011-2022 走看看