Understanding Access Control


The basis of security for your MySQL server is this: Users should have appropriate access to the data they need, no more and no less. In other words, users should not have too much access to too much data.

Consider the following:

  • Most users need to read and write data from tables, but few users will ever need to be able to create and drop tables.

  • Some users might need to read tables but might not need to update them.

  • You might want to allow users to add data, but not delete data.

  • Some users (managers or administrators) might need rights to manipulate user accounts, but most should not.

  • You might want users to access data via stored procedures, but never directly.

  • You might want to restrict access to some functionality based on where the user is logging in from.

These are just examples, but they help demonstrate an important point. You need to provide users with the access they need and just the access they need. This is known as access control, and managing access control requires creating and managing user accounts.
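
The scenarios in the list above, written out as MySQL account and privilege statements. This is an added example, not code from the book; the shop schema, account names, host pattern, and passwords are hypothetical placeholders.

```sql
-- Constructed example: schema, accounts, address range and passwords are
-- hypothetical placeholders. Run as an administrative account on a test server.
CREATE DATABASE IF NOT EXISTS shop;
CREATE TABLE shop.products (id INT PRIMARY KEY, name VARCHAR(50));
CREATE TABLE shop.orders (id INT AUTO_INCREMENT PRIMARY KEY, item_id INT);
-- Stored procedures run with the definer's rights by default
-- (SQL SECURITY DEFINER), so callers need no rights on the table itself.
CREATE PROCEDURE shop.place_order(IN p_item INT)
  INSERT INTO shop.orders (item_id) VALUES (p_item);

-- Read and write data, but no CREATE or DROP on tables.
CREATE USER 'app_rw'@'localhost' IDENTIFIED BY 'placeholder-1';
GRANT SELECT, INSERT, UPDATE, DELETE ON shop.* TO 'app_rw'@'localhost';

-- Read tables, never update them.
CREATE USER 'report_ro'@'localhost' IDENTIFIED BY 'placeholder-2';
GRANT SELECT ON shop.* TO 'report_ro'@'localhost';

-- Add data, but not delete it.
CREATE USER 'intake'@'localhost' IDENTIFIED BY 'placeholder-3';
GRANT SELECT, INSERT ON shop.orders TO 'intake'@'localhost';

-- Manipulate user accounts: CREATE USER is a global privilege, hence *.*
CREATE USER 'acct_admin'@'localhost' IDENTIFIED BY 'placeholder-4';
GRANT CREATE USER ON *.* TO 'acct_admin'@'localhost';

-- Access data via a stored procedure only, never the tables directly.
CREATE USER 'proc_only'@'localhost' IDENTIFIED BY 'placeholder-5';
GRANT EXECUTE ON PROCEDURE shop.place_order TO 'proc_only'@'localhost';

-- Restrict by login origin: this account exists only for hosts in 10.0.5.x.
CREATE USER 'branch'@'10.0.5.%' IDENTIFIED BY 'placeholder-6';
GRANT SELECT ON shop.products TO 'branch'@'10.0.5.%';

-- Confirm what each account can actually do before handing it out.
SHOW GRANTS FOR 'intake'@'localhost';
SHOW GRANTS FOR 'proc_only'@'localhost';
```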

Tip

Use MySQL Administrator: The MySQL Administrator (described in Chapter 2, "Introducing MySQL") provides a graphical user interface that can be used to manage users and account rights. Internally, MySQL Administrator uses the statements described in this chapter, enabling you to manage access control interactively and simply.


Back in Chapter 3, "Working with MySQL," you learned that you need to log in to MySQL in order to perform any operations. When first installed, MySQL creates a user account named root, which has complete and total control over the entire MySQL server. You might have been using the root login throughout the chapters in this book, and that is fine when experimenting with MySQL on non-live servers. But in the real world you'd never use root on a day-to-day basis. Instead, you'd create a series of accounts, some for administration, some for users, some for developers, and so on.

Note

Preventing Innocent Mistakes: It is important to note that access control is not just intended to keep out users with malicious intent. More often than not, data nightmares are the result of an inadvertent mistake, a mistyped MySQL statement, being in the wrong database, or some other user error. Access control helps avoid these situations by ensuring that users are unable to execute statements they should not be executing.


Caution

Don't Use root: The root login should be considered sacred. Use it only when absolutely needed (perhaps if you cannot get into other administrative accounts). root should never be used in day-to-day MySQL operations.





MySQL Crash Course
ISBN: 0672327120
EAN: 2147483647
Year: 2004
Pages: 214
Authors: Ben Forta
