MySQL Security Configuration Explained

1. Preface

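MySQL security configuration, also called hardening, is one link in the risk model. It requires security staff to keep discovering new problems through theoretical and practical study, and to strengthen every aspect of the database's configuration in response to them. This article looks at database risk identification and database security hardening, and discusses the measures that can be taken to keep the database's security controls at a good level as far as possible.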

2. MySQL account privilege security

MySQL has four tables that control privileges:


1. the mysql.user table
2. the mysql.db table
3. the mysql.tables_priv table
4. the mysql.columns_priv table

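Note that MySQL also has a database named "information_schema", which appears to hold privilege information as well. Keep in mind that "information_schema" is a convenient way of providing metadata to system administrators; it is in effect a view, and can be understood as a wrapper around information held in MySQL. For the MySQL server itself, authentication and authorization information comes from only one source: the "mysql" database.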

 

0x1. The mysql.user table


-- the privilege tables live in the mysql database, so select it first
use mysql;
select * from user;
desc user;
mysql> desc user;
+-------------------------------+------+-----+---------+-------+
| field | type | null | key | default | extra |
+-------------------------------+------+-----+---------+-------+
| host | char(60) | no | pri | | |
| user | char(16) | no | pri | | |
| password | char(41) | no | | | |
| select_priv | enum('n','y') | no | | n | |
| insert_priv | enum('n','y') | no | | n | |
| update_priv | enum('n','y') | no | | n | |
| delete_priv | enum('n','y') | no | | n | |
| create_priv | enum('n','y') | no | | n | |
| drop_priv | enum('n','y') | no | | n | |
| reload_priv | enum('n','y') | no | | n | |
| shutdown_priv | enum('n','y') | no | | n | |
| process_priv | enum('n','y') | no | | n | |
| file_priv | enum('n','y') | no | | n | |
| grant_priv | enum('n','y') | no | | n | |
| references_priv | enum('n','y') | no | | n | |
| index_priv | enum('n','y') | no | | n | |
| alter_priv | enum('n','y') | no | | n | |
| show_db_priv | enum('n','y') | no | | n | |
| super_priv | enum('n','y') | no | | n | |
| create_tmp_table_priv | enum('n','y') | no | | n | |
| lock_tables_priv | enum('n','y') | no | | n | |
| execute_priv | enum('n','y') | no | | n | |
| repl_slave_priv | enum('n','y') | no | | n | |
| repl_client_priv | enum('n','y') | no | | n | |
| create_view_priv | enum('n','y') | no | | n | |
| show_view_priv | enum('n','y') | no | | n | |
| create_routine_priv | enum('n','y') | no | | n | |
| alter_routine_priv | enum('n','y') | no | | n | |
| create_user_priv | enum('n','y') | no | | n | |
| event_priv | enum('n','y') | no | | n | |
| trigger_priv | enum('n','y') | no | | n | |
| create_tablespace_priv | enum('n','y') | no | | n | |
| ssl_type | enum('','any','x509','specified') | no | | | |
| ssl_cipher | blob | no | | null | |
| x509_issuer | blob | no | | null | |
| x509_subject | blob | no | | null | |
| max_questions | int(11) unsigned | no | | 0 | |
| max_updates | int(11) unsigned | no | | 0 | |
| max_connections | int(11) unsigned | no | | 0 | |
| max_user_connections | int(11) unsigned | no | | 0 | |
| plugin | char(64) | yes | | | |
| authentication_string | text | yes | | null | |
| password_expired | enum('n','y') | no | | n | |
+-------------------------------+------+-----+---------+-------+

0x2. The mysql.db table


select * from db;
desc db;
mysql> desc db;
+-------------+------+-----+---------+-------+
| field | type | null | key | default | extra |
+-------------+------+-----+---------+-------+
| host | char(60) | no | pri | | |
| db | char(64) | no | pri | | |
| user | char(16) | no | pri | | |
| select_priv | enum('n','y') | no | | n | |
| insert_priv | enum('n','y') | no | | n | |
| update_priv | enum('n','y') | no | | n | |
| delete_priv | enum('n','y') | no | | n | |
| create_priv | enum('n','y') | no | | n | |
| drop_priv | enum('n','y') | no | | n | |
| grant_priv | enum('n','y') | no | | n | |
| references_priv | enum('n','y') | no | | n | |
| index_priv | enum('n','y') | no | | n | |
| alter_priv | enum('n','y') | no | | n | |
| create_tmp_table_priv | enum('n','y') | no | | n | |
| lock_tables_priv | enum('n','y') | no | | n | |
| create_view_priv | enum('n','y') | no | | n | |
| show_view_priv | enum('n','y') | no | | n | |
| create_routine_priv | enum('n','y') | no | | n | |
| alter_routine_priv | enum('n','y') | no | | n | |
| execute_priv | enum('n','y') | no | | n | |
| event_priv | enum('n','y') | no | | n | |
| trigger_priv | enum('n','y') | no | | n | |
+-------------+------+-----+---------+-------+

0x3. The mysql.tables_priv table


select * from tables_priv;
desc tables_priv;
mysql> desc tables_priv;
+------------------+------+-----+--------------------+
| field | type | null | key | default | extra |
+------------------+------+-----+--------------------+
| host | char(60) | no | pri | | |
| db | char(64) | no | pri | | |
| user | char(16) | no | pri | | |
| table_name | char(64) | no | pri | | |
| grantor | char(77) | no | mul | | |
| timestamp | timestamp | no | | current_timestamp | on update current_timestamp |
| table_priv | set('select','insert','update','delete','create','drop','grant','references','index','alter','create view','show view','trigger') | no | | | |
| column_priv | set('select','insert','update','references') | no | | | |
+------------------+------+-----+--------------------+
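
The queries below are an added example, not part of the original tutorial: a read-only audit of the three privilege tables described so far. They assume the column layout shown in the desc output above (hash stored in the `password` column; newer MySQL releases drop that column and keep the hash only in `authentication_string`) and an account that may SELECT from the mysql database.

```sql
-- Added audit example. Column names are taken from the desc output above.

-- 1. Anonymous accounts, and accounts with no stored credential.
--    `plugin` is returned so accounts that authenticate through a plugin
--    rather than a stored hash can be reviewed separately.
SELECT host, user, plugin
FROM mysql.user
WHERE user = ''
   OR (password = ''
       AND (authentication_string IS NULL OR authentication_string = ''));

-- 2. Accounts whose host pattern contains a wildcard and that also hold
--    server-wide administrative privileges.
SELECT host, user,
       file_priv, super_priv, grant_priv,
       process_priv, shutdown_priv, create_user_priv
FROM mysql.user
WHERE LOCATE('%', host) > 0
  AND 'Y' IN (file_priv, super_priv, grant_priv,
              process_priv, shutdown_priv, create_user_priv);

-- 3. Database-level rows that allow schema changes or re-granting.
--    A row here applies even when every *_priv column for the same
--    account in mysql.user is 'N'.
SELECT host, db, user, grant_priv, drop_priv, alter_priv
FROM mysql.db
WHERE 'Y' IN (grant_priv, drop_priv, alter_priv)
ORDER BY user, db;

-- 4. Table-level grants that carry the ability to grant to others,
--    with the account that created each grant.
SELECT host, db, user, table_name, grantor, table_priv
FROM mysql.tables_priv
WHERE FIND_IN_SET('Grant', table_priv) > 0;
```

Every row returned is an account or grant to justify or remove; an empty result from all four queries means no account matches these particular checks, not that the privilege model is otherwise sound.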

0x4. The mysql.columns_priv table

