MySQL Access Control
MySQL Security Access Control
Most users concentrate on MySQL's databases and tables - after all, that's where most of the action takes place - and they don't usually look deeper to understand how it handles access privileges, passwords, and security. This approach is usually more than adequate for most development activities -unless you happen to be a database administrator whose job involves setting up and securing the databases against unauthorized usage or malicious mischief. With that in mind, this chapter examines the MySQL access control system and throws some light on the MySQL grant tables. These tables, which are an integral part of the server's security system, offer database administrators a great deal of power and flexibility in deciding the rules that govern access to the system.
Access Control MySQL
When you attempt to connect to a MySQL server, the server accepts or rejects the connection based on your identity and whether you can verify your identity by supplying the correct password. If not, the server denies access to you completely. Otherwise, the server accepts the connection, and then enters Stage 2 and waits for requests. Your identity is based on two pieces of information: The client host from which you connect Your MySQL username Identity checking is performed using the three user table scope columns (Host, User, and Password). The server accepts the connection only if the Host and User columns in some user table row match the client hostname and username and the client supplies the password specified in that row.
The MySQL Access Privilege system
If you need to administer MySQL, this article gets you off to a good start. In this section, we continue our discussion of security issues with the MySQL access privilege system. The MySQL privilege system ensures that all users may perform only the operations allowed to them. As a user, when you connect to a MySQL server, your identity is determined by the host from which you connect and the username you specify. The system grants privileges according to your identity and what you want to do. MySQL considers both your hostname and username in identifying you because there is little reason to assume that a given username belongs to the same person everywhere on the Internet.