Solved

MySQL User / Host Table Questions

Posted on 2006-10-23
9
2,911 Views
Last Modified: 2008-01-09
1.) Should I have to restart MySQL every time I change the “user” table?  (Windows 2003, MySQL 5.0)  It seems I have to for the changes to take effect.

2.) What about using a subnet or wildcard in the host column?  I’ve been unsuccessful with using 192.168.1.*

3.) How do I grant a user access from multiple hosts?  Do I put all hosts into the Host field, like “localhost,192.168.1.100”?  Do I have to create a new user row for every user / host combination I want to allow?  This seems counter productive to me because now I have multiple users with the same names, and potentially different passwords.

Thanks for the help and pointers here.
0
Comment
Question by:rebies
  • 5
  • 4
9 Comments
 
LVL 35

Accepted Solution

by:
Raynard7 earned 500 total points
ID: 17792641
1. -> no - you can use the command
mysql flush privileges;
for the changes to take effect
2. use the % sign as the wild card rather than *
3. you have to create a new row for each host that you want them to connect to.  But generally you would only give them say access from localhost, access from the lan (based on your ip prefix) and all other access % which should not be too difficult.
0
 
LVL 1

Author Comment

by:rebies
ID: 17792680
thanks for the quick reply Raynard7!  So is it unadvisable to give a user a pure "%" access?  Usually I'll want only home, work, and LAN connections for each user.  (Thus, best security says 3 rows for each user - right)
0
 
LVL 1

Author Comment

by:rebies
ID: 17792732
1.) flush privileges:  great - works!

2.) % sign:  great - works!

3.) will need to test a little bit on this one.
0
 
LVL 35

Expert Comment

by:Raynard7
ID: 17792754
Hi,

This all depends on your security model.

On most of my machines I have only localhost priv's for my users.

This is because they use business objects to query the database or are using it through a web front end - where they do not need remote use.

For other users who have access to everything I just grant all priviledges from all hosts.

Generally - the "default" user access model would be as I described above - select from % - some access from LAN and some more access from localhost (if applicable)
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 35

Expert Comment

by:Raynard7
ID: 17792758
Normally you would not give access for say dropping tables from % or from the lan but you may want someone who is trusted to have access to local host to be able to execute that function... as an example
0
 
LVL 1

Author Comment

by:rebies
ID: 17792812
Thanks.   So if I want "myself" to be a user that is allowed on localhost and on the LAN - I have to create two completely seperate users - right?


0
 
LVL 35

Expert Comment

by:Raynard7
ID: 17792853
if you want yourself to be on the lan - and on localhost but not from anywhere else you would need to use two lines in the user table.

You could also do

Grant all on % to myself@localhost;
Grant all on % to myself@192.168.0.%;

which would have the same effect
0
 
LVL 1

Author Comment

by:rebies
ID: 17792897
Thanks much Raynard!  You've definately more than answered my questions!
0
 
LVL 35

Expert Comment

by:Raynard7
ID: 17792929
glad I could help
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction In this article, I will by showing a nice little trick for MySQL similar to that of my previous EE Article for SQLite (http://www.sqlite.org/), A SQLite Tidbit: Quick Numbers Table Generation (http://www.experts-exchange.com/A_3570.htm…
More Fun with XML and MySQL – Parsing Delimited String with a Single SQL Statement Are you ready for another of my SQL tidbits?  Hopefully so, as in this adventure, I will be covering a topic that comes up a lot which is parsing a comma (or other…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now