Chapter 12 Continued
description
Transcript of Chapter 12 Continued
![Page 1: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/1.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
Chapter 12 Continued
![Page 2: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/2.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
![Page 3: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/3.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
Assigning Global privileges• CREATE USER 'ethel'@'localhost' IDENTIFIED BY 'coffee'; • GRANT ALL ON *.* TO 'ethel'@'localhost' WITH GRANT OPTION;
![Page 4: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/4.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
Assigning Database Level privileges• To grant privileges at this level, use an ON db_name.* clause:
• CREATE USER 'bill'@'racer.snake.net' IDENTIFIED BY 'rock';• GRANT ALL ON sampdb.* TO 'bill'@'racer.snake.net';
• CREATE USER 'reader'@'%' IDENTIFIED BY 'dirt';• GRANT SELECT ON menagerie.* TO 'reader'@'%';
![Page 5: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/5.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
Database Level • name only the specific privileges to be enabled:
• CREATE USER 'jennie'@'%' IDENTIFIED BY 'boron'; • GRANT SELECT,INSERT,DELETE,UPDATE ON sampdb.* TO
'jennie'@'%';
![Page 6: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/6.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
At the database level
• you can grant privileges for individual tables, or even for individual columns in tables.
• Column-specific privileges are useful when there are parts of a table you want to hide from a user,
• when you want a user to be able to modify only particular columns.
![Page 7: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/7.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
Specific Columns at Database level• CREATE USER 'assistant'@'localhost' IDENTIFIED BY
'officehelp'; • GRANT SELECT, UPDATE (expiration,street,city,state,zip)
ON sampdb.member TO 'assistant'@'localhost';
![Page 8: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/8.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
Secure Connections
• MySQL enables clients to establish secure connections using the SSL (Secure Sockets Layer) protocol
• X509 can be used as a means for the client to provide identification information over SSL connections.
![Page 9: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/9.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
Secure Connections• CREATE USER 'eladio'@'%.snake.net' IDENTIFIED BY 'flint'; • GRANT ALL ON sampdb.* TO 'eladio'@'%.snake.net' REQUIRE
SSL;
![Page 10: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/10.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
Present a valid X509 certificate• GRANT ALL ON sampdb.* TO 'eladio'@'%.snake.net'
REQUIRE X509;
![Page 11: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/11.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
X509 certificate
• REQUIRE X509 imposes no constraints on the certificate's contents other than that it be valid.
• To be even more strict, REQUIRE enables you to indicate that the client's X509 certificate must have certain characteristics.
• These characteristics are given with ISSUER or SUBJECT options in the REQUIRE clause.
• ISSUER and SUBJECT refer to the certificate issuer and recipient.
![Page 12: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/12.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
Limiting an Account's Resource Consumption
• CREATE USER 'spike'@'localhost' IDENTIFIED BY 'pyrite'; GRANT ALL ON sampdb.* TO 'spike'@'localhost' WITH MAX_CONNECTIONS_PER_HOUR 10
MAX_QUERIES_PER_HOUR 200 MAX_UPDATES_PER_HOUR 50;
![Page 13: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/13.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
Resource Consumption
• The default value for each option is zero, which means "no limit."
![Page 14: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/14.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
Displaying Account Privileges
• SHOW GRANTS FOR 'sampadm'@'localhost';
• SHOW GRANTS FOR CURRENT_USER();
![Page 15: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/15.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
Revoking Privileges and Removing Users
• REVOKE privileges [(columns)] ON what FROM account;
![Page 16: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/16.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
Revoke Privileges• GRANT ALL ON sampdb.* TO 'boris'@'localhost'; • REVOKE DELETE,UPDATE ON sampdb.* FROM 'boris'@'localhost';
![Page 17: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/17.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
Changing Passwords or Resetting Lost Passwords
• mysql> UPDATE user SET Password=PASSWORD('silicon') -> WHERE User='boris' AND Host='localhost'; • mysql> FLUSH PRIVILEGES;
![Page 18: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/18.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
SET PASSWORD • mysql> SET PASSWORD FOR 'boris'@'localhost' =
PASSWORD('silicon');
• You can always change your own password with SET PASSWORD• To change the password for another account, you must have the
UPDATE privilege for the mysql database.
![Page 19: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/19.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
Change Password with Grant Usage• Another way to change a password is to use GRANT USAGE
with an IDENTIFIED BY clause.• mysql> GRANT USAGE ON *.* TO 'boris'@'localhost'
IDENTIFIED BY 'silicon';
![Page 20: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/20.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
MAINTAINING LOGS
![Page 21: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/21.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
Error Log
• This log contains a record of server startups and shutdowns, as well as messages about problems or exceptional conditions.
• This is the place to look if the server fails to start. – the server writes a message to the error log
before it terminates to indicate what problem occurred.
![Page 22: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/22.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
The general query log
• Contains a record of client connections, • SQL statements received from clients, and
various other miscellaneous events.• Useful for monitoring server activity: who is
connecting, from where, and what they are doing.
• Useful for troubleshooting or debugging.
![Page 23: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/23.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
The slow-query log
• Helps you identify statements that may be in need of being rewritten for better performance.
• The server maintains a long_query_time system variable that defines "slow" queries (10 seconds by default).
• If a query takes more than that many seconds of real time, it is considered slow and is recorded in the slow-query log.
• The slow-query log also can be used to log queries for which no indexes were used.
![Page 24: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/24.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
The binary log and the binary log index file
• Contain a record of modifications performed by UPDATE, DELETE, INSERT, CREATE TABLE, DROP TABLE, GRANT, and so forth.
• Binary log contents are written as data modification "events" encoded in binary format.
• The binary log files are accompanied by an index file that lists which binary log files exist on the server.
![Page 25: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/25.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
The binary log has two purposes:
– Used in conjunction with your backups to restore tables after a crash. • Restore databases from your backup files, and then use
mysqlbinlog to convert the binary log contents to text statements.
– The data modification events stored in the binary log are transmitted to replication slave servers.
![Page 26: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/26.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
The relay log and the relay log index file
• If the server acts as a replication slave, it maintains a relay log that contains a record of data-modification events received from the master that need to be executed.
• Relay log files have the same format as binary log files, and there is an index file that lists which relay log files exist on the slave.
![Page 27: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/27.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
Tuning the Server
• System variables can exist at two levels: global and session-specific.
• Global variables affect the operation of the server as a whole.
• Session-specific variables affect only how the server treats a given client connection.
![Page 28: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/28.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
System Variables
• For variables that exist at both levels, the global values are used to initialize the corresponding session variables.
• This happens only when a new client connection begins
• Changing a global variable during a connection does not affect the current value of the client's corresponding session variable.
![Page 29: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/29.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
System Variables
• It is possible for a system variable to have • both global and session forms, • only a global form, • or only a session form.
![Page 30: Chapter 12 Continued](https://reader035.fdocuments.in/reader035/viewer/2022062310/5681672c550346895ddbcbf1/html5/thumbnails/30.jpg)
Mysql developer's Library - Paul Dubois 4th Edition
Checking System Variable Values
• mysql> SHOW VARIABLES; • mysql> SHOW VARIABLES LIKE 'key%';