-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path15.Securing Databases.sql
90 lines (66 loc) · 2.07 KB
/
15.Securing Databases.sql
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
/*******************************************/
/* Creating a user */
/*******************************************/
/* with IP address */
CREATE USER [email protected];
/* with Host name */
CREATE USER john@localhost;
CREATE USER [email protected];
-- from any subdomain of sample.com
CREATE USER john@'%.sample.com';
/* can access from anywhere with this name */
CREATE USER john IDENTIFIED BY '1234';
/*******************************************/
/* View users */
/*******************************************/
SELECT * FROM mysql.user;
/*******************************************/
/* Dropping users */
/*******************************************/
DROP USER john;
/*******************************************/
/* Changing password */
/*******************************************/
-- set password for a specific user
SET PASSWORD FOR john = '5678';
-- set password ourselves who ever is currently logged in
SET PASSWORD = 'abcdefg';
/*******************************************/
/* Granting Priviliges */
/*******************************************/
-- Scenerio 1) web/desktop application
CREATE USER awesome_app IDENTIFIED BY '1234';
-- execute means able to use stored procedures
/*
GRANT ....
ON database_name.table_name (or * for every tables)
TO username;
*/
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE
ON mosh_sql_store.*
TO awesome_app;
-- Scenerio 2) Admin User
/*
GRANT ALL (all means every priviliges)
ON *.* (every database and every tables)
TO username;
*/
GRANT ALL
ON *.*
TO john;
/*******************************************/
/* Viewing Priviliges */
/*******************************************/
SHOW GRANTS FOR john;
-- for current user
SHOW GRANTS;
/*******************************************/
/* Revoking Priviliges */
/*******************************************/
GRANT CREATE VIEW
ON sql_store.*
TO awesome_app;
-- now made mistake and want to revoke
REVOKE CREATE VIEW
ON sql_store.*
FROM awesome_app;