Page 28 - Open Soource Technologies 304.indd
P. 28
Unit 2: Working with My SQL
One note about adding users: Always use a password and make sure that the password is a Notes
good one! My SQL allows you to create users without a password, but that leaves the door
wide open should someone with bad intentions guess the name of one of your users with full
privileges granted to them!
If you use the GRANT command to add users, the changes will immediately take effect. To
make absolutely sure of this, you can issue the FLUSH PRIVILEGES command in the My SQL
monitor to reload the privilege tables.
2.2.2 Removing Privileges of My SQL
Removing Privileges is as simple as adding them; instead of a GRANT command, you use
REVOKE. The REVOKE command syntax is:
REVOKE privileges.
ON databasename.tablename.
FROM username@hostname;
In the same way that you can grant permissions using INSERT commands, you can also revoke
permissions by issuing DELETE commands to remove records from tables in the My SQL
database. However, this requires that you be familiar with the fields and tables, and it’s just
much easier and safer to use REVOKE.
To revoke the ability for user john to INSERT items in the myCompany database, you would
issue this REVOKE statement:
REVOKE INSERT
ON myDB.*
FROM john@”%”;
Changes made to the data in the privilege tables happen immediately, but in order for the server
to be aware of your changes, issue the FLUSH PRIVILEGES command in the My SQL monitor.
Installing My SQL on Windows and Mac OS X is a very simple process, thanks to a wizard-based
installation method. My SQL AB provides a GUI-based administration tool for Windows users,
called WinMy SQLadmin. Linux/Unix users do not have a wizard-based installation process,
but it’s not difficult to follow a simple set of commands to unpack the My SQL client and server
binaries. Linux/Unix users can also use RPMs for installation.
Security is always a priority and there are several steps you can take to ensure a safe and secure
installation of My SQL. Even if you are not the administrator of the server, you should be able
to recognize breaches and raise a ruckus with the server administrator!
The My SQL server should never run as the root user. Additionally, named users within My
SQL should always have a password and their access privileges should be well defined.
My SQL uses the privilege tables in a two-step process for each request that is made. My SQL
needs to know who you are and where you are connecting from and each of these pieces of
information must match an entry in its privilege tables. Also, the user whose identity you are
using must have specific permission to perform the type of request you are making.
You can add user privileges using the GRANT command, which uses a simple syntax to add
entries to the user table in the My SQL database. The REVOKE command, which is equally
simple, is used to remove those privileges.
LOVELY PROFESSIONAL UNIVERSITY 23
