The primary function of the MySQL
privilege system is to authenticate a user connecting from a given host, and to
associate that user with privileges on a database such as select, insert,
update and delete.
Additional functionality includes the
ability to have an anonymous user and to grant privileges for MySQL-specific
functions such as LOAD DATA INFILE and administrative operations.
MySQL User Names and Passwords
There are several distinctions between
the way user names and passwords are used by MySQL and the way they are used by
Unix or Windows:
User names, as used by MySQL for
authentication purposes, have nothing to do with Unix user names (login names)
or Windows user names. Most MySQL clients by default try to log in using the
current Unix user name as the MySQL user name, but that is for convenience only.
Client programs allow a different name to be specified with the -u or --user
options. This means that you can't make a database secure in any way unless all
MySQL user names have passwords. Anyone may attempt to connect to the server
using any name, and they will succeed if they specify any name that doesn't
have a password. MySQL user names can be up to 16 characters long; Unix user
names typically are limited to 8 characters. MySQL passwords have nothing to do
with Unix passwords. There is no necessary connection between the password you
use to log in to a Unix machine and the password you use to access a database
on that machine. MySQL encrypts passwords using a different algorithm than the
one used during the Unix login process.
Note that even if the password is
stored 'scrambled', and knowing your
'scrambled' password is enough to be able to connect to the MySQL server!
Connecting to the MySQL Server
MySQL client programs generally
require that you specify connection parameters when you want to access a MySQL
server: the host you want to connect to, your user name, and your password. For
example, the mysql client can be started like this (optional arguments are
enclosed between `[' and `]'):
shell> mysql [-h host_name] [-u
user_name] [-pyour_pass]
Alternate forms of the -h, -u, and -p
options are --host=host_name, --user=user_name, and --password=your_pass. Note
that there is no space between -p or --password= and the password following it.
NOTE: Specifying a password on the
command line is not secure! Any user on your system may then find out your
password by typing a command like: ps auxww.
mysql uses default values for
connection parameters that are missing from the command line:
The default hostname is localhost.
The default user name is your Unix
login name.
No password is supplied if -p is
missing.
Thus, for a Unix user joe, the
following commands are equivalent:
shell> mysql -h localhost -u joe
shell> mysql -h localhost
shell> mysql -u joe
shell> mysql
Other MySQL clients behave similarly.
On Unix systems, you can specify
different default values to be used when you make a connection, so that you
need not enter them on the command line each time you invoke a client program.
This can be done in a couple of ways:
You can specify connection parameters
in the [client] section of the `.my.cnf' configuration file in your home
directory. The relevant section of the file might look like this:
[client]
host=host_name
user=user_name
password=your_pass
You can specify connection parameters
using environment variables. The host can be specified for mysql using
MYSQL_HOST. The MySQL user name can be specified using USER (this is for
Windows only). The password can be specified using MYSQL_PWD (but this is
insecure; see the next section).
No comments:
Post a Comment