All geek questions in one place

A random user can access mysql db

I am writing an application in python and MySQL (MySQLdb, PyQT) and have encountered a problem. It so happened that when a random value is entered in the login form, this random user has some access to db. This user cannot use SELECT, but he can use INSERT! I am new to MySQL and this is the first time I am facing such a problem. I saw a question like the one I ask, but a random user was able to log into db, but had no right to do anything. I looked at the MYSQL.user table, and users without usernames had no right to manipulate the data. shutdown is as follows

| localhost | root | Y | Y | Y | | 127.0.0.1 | root | Y | Y | Y | | localhost | | N | N | N | ......

Can anyone guess why this happened, and is there a solution (workaround?)?

+4
source share
1 answer

Yes, of course, there is a solution in your mysql for your problem.

Use GRANT and REVOKE for this, they lie under the DATA CONTROL LANGUAGE in SQL.

I gave an example of how to use it.

 mysql> revoke all privileges on *.* from 'root'@'localhost';

Using this query, I revoked all root privileges in all tables of all databases. If I want this in the case of any particular database, then ..

 mysql> revoke all privileges on exampledatabase.* from 'root'@'localhost';

If I want this in the case of any particular table, then ..

 mysql> revoke all privileges on exampledatabase.mytable from 'root'@'localhost';

If I want to restrict a specific privilege in the case of any particular table, then ..

 mysql> revoke select on exampledatabase.mytable from 'root'@'localhost';

Now I want to grant a specific privilege to the root user in the case of a specific table.

 mysql> grant select on exampledatabase.mytable to 'root'@'localhost' identified by password '*A4B6157319038724E3560894F7F932C8886EBFCF' with grant option ;
0
source

Source: https://habr.com/ru/post/1502486/

More articles:


All Articles