加強MySQL用戶安全

a、演示雙空用戶登陸  [root@xlkoracel?~]#?mysql?-uroot?-p  Enter?password:?  (root@localhost)?[(none)]>?show?variables?like?'version';  +---------------+--------+  |?Variable_name?|?Value??|  +---------------+--------+  |?version???????|?5.6.26?|  +---------------+--------+    (root@localhost)?[(none)]>?select?user,host,password?from?mysql.user;  +-------+-------------+-------------------------------------------+  |?user??|?host????????|?password??????????????????????????????????|  +-------+-------------+-------------------------------------------+  |?root??|?localhost???|?*E74858DB86EBA20BC33D0AECAE8A8108C56B17FA?|  |?root??|?xlkoracel???|???????????????????????????????????????????|  |?root??|?127.0.0.1???|???????????????????????????????????????????|  |?root??|?::1?????????|???????????????????????????????????????????|  |???????|?localhost???|???????????????????????????????????????????|  |???????|?xlkoracel???|???????????????????????????????????????????|  |?mycat?|?localhost???|?*975B2CD4FF9AE554FE8AD33168FBFC326D2021DD?|  |?mycat?|?192.168.1.%?|?*975B2CD4FF9AE554FE8AD33168FBFC326D2021DD?|  |?mycat?|?192.168.%.%?|?*975B2CD4FF9AE554FE8AD33168FBFC326D2021DD?|  |?root??|?192.168.%.%?|?*E74858DB86EBA20BC33D0AECAE8A8108C56B17FA?|  +-------+-------------+-------------------------------------------+    (root@localhost)?[(none)]>?--?可以看到存在用戶名和密碼同時為空的情形  (root@localhost)?[(none)]>?--?退出后嘗試使用任意用戶名登錄  (root@localhost)?[(none)]>?exit  Bye  [root@xlkoracel?~]#?mysql?-uxx?###無需指定密碼參數-p  (xx@localhost)?[(none)]>?--?可以成功登陸  (xx@localhost)?[(none)]>?--?下面查看一下自身的權限  (xx@localhost)?[(none)]>?show?grants;??--當前只有usage權限  +--------------------------------------+  |?Grants?for?@localhost????????????????|  +--------------------------------------+  |?GRANT?USAGE?ON?*.*?TO?''@'localhost'?|  +--------------------------------------+    (xx@localhost)?[(none)]>?show?databases;  +--------------------+  |?Database???????????|  +--------------------+  |?information_schema?|  |?test???????????????|  +--------------------+    (xx@localhost)?[(none)]>?use?test;  Database?changed  (xx@localhost)?[test]>?show?tables;  Empty?set?(0.00?sec)    (xx@localhost)?[test]>?create?table?t(id?int);  Query?OK,?0?rows?affected?(0.14?sec)    (xx@localhost)?[test]>?insert?into?t?values(1);  Query?OK,?1?row?affected?(0.01?sec)    (xx@localhost)?[test]>?select?*?from?t;  +------+  |?id???|  +------+  |????1?|  +------+  1?row?in?set?(0.00?sec)    (xx@localhost)?[test]>?--從上可以看出，usage權限已經可以完成很多任務  (xx@localhost)?[test]>?use?infromation_schema;  ERROR?1044?(42000):?Access?denied?for?user?''@'localhost'?to?database?'infromation_schema'  (xx@localhost)?[test]>?exit;      b、演示密碼為空的用戶登陸  [root@xlkoracel?~]#?mysql?-uroot?-hxlkoracel??###注，此時也無需指定參數-p??  (root@xlkoracel)?[(none)]>?--可以成功登陸  (root@xlkoracel)?[(none)]>?show?grants;???--查看自身權限，為ALL?PRIVILEGES，權限更大  +---------------------------------------------------------------------+  |?Grants?for?root@xlkoracel???????????????????????????????????????????|  +---------------------------------------------------------------------+  |?GRANT?ALL?PRIVILEGES?ON?*.*?TO?'root'@'xlkoracel'?WITH?GRANT?OPTION?|  |?GRANT?PROXY?ON?''@''?TO?'root'@'xlkoracel'?WITH?GRANT?OPTION????????|  +---------------------------------------------------------------------+

[root@xlkoracel?~]#?mysql?-uroot?-p  Enter?password:?  (root@localhost)?[(none)]>?select?user,host,password?from?mysql.user  ????->?where?(user?is?null?or?user='')?and?(password?is?null?or?password='');  +------+-----------+----------+  |?user?|?host??????|?password?|  +------+-----------+----------+  |??????|?localhost?|??????????|  |??????|?xlkoracel?|??????????|  +------+-----------+----------+  2?rows?in?set?(0.01?sec)    (root@xlkoracel)?[(none)]>?--?Author?:?Leshami  (root@xlkoracel)?[(none)]>?--?Blog???:?http://www.php.cn/  (root@localhost)?[(none)]>?--?使用drop?方式清理用戶  (root@localhost)?[(none)]>?drop?user?''@'localhost';  Query?OK,?0?rows?affected?(0.24?sec)    (root@localhost)?[(none)]>?select?user,host,password?from?mysql.user  ????->?where?(user?is?null?or?user='')?and?(password?is?null?or?password='');  +------+-----------+----------+  |?user?|?host??????|?password?|  +------+-----------+----------+  |??????|?xlkoracel?|??????????|  +------+-----------+----------+  1?row?in?set?(0.00?sec)    (root@localhost)?[(none)]>?--?直接用delete從mysql.user表清理用戶  (root@localhost)?[(none)]>?delete?from?mysql.user  ????->?where?(user?is?null?or?user='')?and?(password?is?null?or?password='');  Query?OK,?1?row?affected?(0.06?sec)    (root@localhost)?[(none)]>?--?直接用delete從mysql.user表清理所有密碼為空的用戶  (root@xlkoracel)?[(none)]>?delete?from?mysql.user?where?password?is?null?or?password='';  Query?OK,?3?rows?affected?(0.00?sec)