Securing the Database - Database Design Manual: Using MySQL for Windows

Database Reference

In-Depth Information

Securing the Database 12

Protecting Valuable Data

So far in this topic we have been using our database as a single user. We are logging in as a

root user with no restrictions on what we do to our data. We can create tables and databases

whenever we want, and we can delete data and whole tables and databases just as quickly,

with no restrictions. This is fine for a single user who takes responsibility for his actions,

but what if many people are using the data?

MySQL is a multi-user system, so many people can access the data at one time. If you

have ever used any multi-user system where everyone has the highest level of access then

you will know that even when there is no malicious activity, files disappear, mistakes are

made, and data and time are lost. When you give someone access to your data, you should

therefore restrict them to the minimum level of access that is possible for them to perform

their task. That way any damage that they may cause is limited.

So MySQL provides a method of creating and maintaining user accounts, and then

granting specific levels of access to these users. This chapter will describe some of the

methods of creating users so that the data will be protected.

To create a user within MySQL you GRANT them access to a resource. At that time you

provide a string to identify that user to the system (the username) and a string to authen-

ticate that user.

The User Table

Users are actually stored within a table within MySQL. To look at the table, make sure that

you are in the mysql database (the rest of the chapters use the mysqlfast database) by select-

ing it from the database dropdown or typing:

use mysql

The mysql database contains the system tables which MySQL needs to function. The user

table is one table within this database. We created all of the other tables in this topic in a

separate database so that we could clearly distinguish our tables and system tables from

each other. You can view the user table by executing the following query:

describe user

135

Search WWH ::

Custom Search

Home