rebies
asked on
MySQL User / Host Table Questions
1.) Should I have to restart MySQL every time I change the “user” table? (Windows 2003, MySQL 5.0) It seems I have to for the changes to take effect.
2.) What about using a subnet or wildcard in the host column? I’ve been unsuccessful with using 192.168.1.*
3.) How do I grant a user access from multiple hosts? Do I put all hosts into the Host field, like “localhost,192.168.1.100”?
Thanks for the help and pointers here.
2.) What about using a subnet or wildcard in the host column? I’ve been unsuccessful with using 192.168.1.*
3.) How do I grant a user access from multiple hosts? Do I put all hosts into the Host field, like “localhost,192.168.1.100”?
Thanks for the help and pointers here.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
1.) flush privileges: great - works!
2.) % sign: great - works!
3.) will need to test a little bit on this one.
2.) % sign: great - works!
3.) will need to test a little bit on this one.
Hi,
This all depends on your security model.
On most of my machines I have only localhost priv's for my users.
This is because they use business objects to query the database or are using it through a web front end - where they do not need remote use.
For other users who have access to everything I just grant all priviledges from all hosts.
Generally - the "default" user access model would be as I described above - select from % - some access from LAN and some more access from localhost (if applicable)
This all depends on your security model.
On most of my machines I have only localhost priv's for my users.
This is because they use business objects to query the database or are using it through a web front end - where they do not need remote use.
For other users who have access to everything I just grant all priviledges from all hosts.
Generally - the "default" user access model would be as I described above - select from % - some access from LAN and some more access from localhost (if applicable)
Normally you would not give access for say dropping tables from % or from the lan but you may want someone who is trusted to have access to local host to be able to execute that function... as an example
ASKER
Thanks. So if I want "myself" to be a user that is allowed on localhost and on the LAN - I have to create two completely seperate users - right?
if you want yourself to be on the lan - and on localhost but not from anywhere else you would need to use two lines in the user table.
You could also do
Grant all on % to myself@localhost;
Grant all on % to myself@192.168.0.%;
which would have the same effect
You could also do
Grant all on % to myself@localhost;
Grant all on % to myself@192.168.0.%;
which would have the same effect
ASKER
Thanks much Raynard! You've definately more than answered my questions!
glad I could help
ASKER