MySQL指定账号加密方式的方法.pdf

AIQ

719

4页

12次

2020-02-21

5墨值下载



Author:AIQ

E-mail:byyelang@gmail.com

caching_sha2_password > sha256_password > mysql_native_password

1.1

2.1

caching_sha2_password > sha256_password >

mysql_native_password

The caching_sha2_password and sha256_password authentication plugins provide more

secure password encryption than the mysql_native_password plugin, and

caching_sha2_password provides better performance than sha256_password.

13.7.1.3 CREATE USER Syntax

CREATE USER [IF NOT EXISTS]

 user [auth_option] [, user [auth_option]] ...

 DEFAULT ROLE role [, role ] ...

 [REQUIRE {NONE | tls_option [[AND] tls_option] ...}]

 [WITH resource_option [resource_option] ...]

 [password_option | lock_option] ...

user:

 (see Section 6.2.4, “Specifying Account Names”)

auth_option: {

 IDENTIFIED BY 'auth_string'

| IDENTIFIED WITH auth_plugin

| IDENTIFIED WITH auth_plugin BY 'auth_string'

| IDENTIFIED WITH auth_plugin AS 'hash_string'

}

tls_option: {

 SSL

| X509

| CIPHER 'cipher'

| ISSUER 'issuer'

| SUBJECT 'subject'

}

resource_option: {

 MAX_QUERIES_PER_HOUR count

| MAX_UPDATES_PER_HOUR count

| MAX_CONNECTIONS_PER_HOUR count

| MAX_USER_CONNECTIONS count

}

1.1

password_option: {

 PASSWORD EXPIRE [DEFAULT | NEVER | INTERVAL N DAY]

| PASSWORD HISTORY {DEFAULT | N}

| PASSWORD REUSE INTERVAL {DEFAULT | N DAY}

| PASSWORD REQUIRE CURRENT [DEFAULT | OPTIONAL]Account Management Statements

2241

}

lock_option: {

 ACCOUNT LOCK

| ACCOUNT UNLOCK

}

The CREATE USER statement creates new MySQL accounts. It enables authentication,

role, SSL/TLS,

resource-limit, and password-management properties to be established for new

accounts, and controls

whether accounts are initially locked or unlocked.

To use CREATE USER, you must have the global CREATE USER privilege, or the

INSERT privilege

for the mysql system database. When the read_only system variable is enabled,

CREATE USER

additionally requires the CONNECTION_ADMIN or SUPER privilege.

CREATE USER either succeeds for all named users or rolls back and has no effect

if any error occurs.

By default, an error occurs if you try to create a user that already exists. If

the IF NOT EXISTS clause

is given, the statement produces a warning for each named user that already

exists, rather than an

error.

Important

Under some circumstances, CREATE USER may be recorded in server logs or

on the client side in a history file such as ~/.mysql_history, which means

that cleartext passwords may be read by anyone having read access to that

information. For information about the conditions under which this occurs for

the

server logs and how to control it, see Section 6.1.2.3, “Passwords and Logging”.

For similar information about client-side logging, see Section 4.5.1.3, “mysql

Logging”.

CREATE USER

'jeffrey'@'localhost' IDENTIFIED WITH mysql_native_password

                 BY 'new_password1',

'jeanne'@'localhost' IDENTIFIED WITH sha256_password

                BY 'new_password2'

REQUIRE X509 WITH MAX_QUERIES_PER_HOUR 60

PASSWORD HISTORY 5

ACCOUNT LOCK;

13.7.1.1 ALTER USER Syntax

ALTER USER [IF EXISTS]

 user [auth_option] [, user [auth_option]] ...

 [REQUIRE {NONE | tls_option [[AND] tls_option] ...}]

1.1

password_option: {

 PASSWORD EXPIRE [DEFAULT | NEVER | INTERVAL N DAY]

| PASSWORD HISTORY {DEFAULT | N}

| PASSWORD REUSE INTERVAL {DEFAULT | N DAY}

| PASSWORD REQUIRE CURRENT [DEFAULT | OPTIONAL]Account Management Statements

2241

}

lock_option: {

 ACCOUNT LOCK

| ACCOUNT UNLOCK

}

The CREATE USER statement creates new MySQL accounts. It enables authentication,

role, SSL/TLS,

resource-limit, and password-management properties to be established for new

accounts, and controls

whether accounts are initially locked or unlocked.

To use CREATE USER, you must have the global CREATE USER privilege, or the

INSERT privilege

for the mysql system database. When the read_only system variable is enabled,

CREATE USER

additionally requires the CONNECTION_ADMIN or SUPER privilege.

CREATE USER either succeeds for all named users or rolls back and has no effect

if any error occurs.

By default, an error occurs if you try to create a user that already exists. If

the IF NOT EXISTS clause

is given, the statement produces a warning for each named user that already

exists, rather than an

error.

Important

Under some circumstances, CREATE USER may be recorded in server logs or

on the client side in a history file such as ~/.mysql_history, which means

that cleartext passwords may be read by anyone having read access to that

information. For information about the conditions under which this occurs for

the

server logs and how to control it, see Section 6.1.2.3, “Passwords and Logging”.

For similar information about client-side logging, see Section 4.5.1.3, “mysql

Logging”.

CREATE USER

'jeffrey'@'localhost' IDENTIFIED WITH mysql_native_password

                 BY 'new_password1',

'jeanne'@'localhost' IDENTIFIED WITH sha256_password

                BY 'new_password2'

REQUIRE X509 WITH MAX_QUERIES_PER_HOUR 60

PASSWORD HISTORY 5

ACCOUNT LOCK;

13.7.1.1 ALTER USER Syntax

ALTER USER [IF EXISTS]

 user [auth_option] [, user [auth_option]] ...

 [REQUIRE {NONE | tls_option [[AND] tls_option] ...}]

of 4

5墨值下载

mysql 官方文档安全规范

关注

评论