MySQL 中的密码和权限
这可能是一个简单的问题,但我对关系数据库的经验非常有限。如何微调 MySQL 中的权限。例如,如果我有以下代码
CREATE TABLE IF NOT EXISTS user(
ID INT NOT NULL AUTO_INCREMENT,
//...other columns
PRIMARY KEY(ID)
)ENGINE=InnoDB
CREATE TABLE IF NOT EXISTS pictures
(
ID INT NOT NULL AUTO_INCREMENT,
userID INT NOT NULL,
//...other columns
PRIMARY KEY(ID),
FOREIGN KEY (userID) REFERENCES user(ID)
)ENGINE=InnoDB";
并创建两个新用户,user1 和 user2,我可以授予他们对表的权限,
GRANT ALL PRIVILIGES ON db_name.* to ".user1."@\"%\" identified by ".pass1
GRANT ALL PRIVILIGES ON db_name.* to ".user2."@\"%\" identified by ".pass2
但是否有任何地方可以限制表内的特权仅限于特定子集?我应该在 PHP 代码中执行此操作吗?我习惯了面向对象的编程,所以我不习惯保存所有信息的大量表。
This might come across as a simple question, but I have very limited experience with relational databases. How do I fine tune permissions in MySQL. For example, if I have the following code
CREATE TABLE IF NOT EXISTS user(
ID INT NOT NULL AUTO_INCREMENT,
//...other columns
PRIMARY KEY(ID)
)ENGINE=InnoDB
CREATE TABLE IF NOT EXISTS pictures
(
ID INT NOT NULL AUTO_INCREMENT,
userID INT NOT NULL,
//...other columns
PRIMARY KEY(ID),
FOREIGN KEY (userID) REFERENCES user(ID)
)ENGINE=InnoDB";
and I create two new users, user1 and user2, I can give them permission to the tables as such
GRANT ALL PRIVILIGES ON db_name.* to ".user1."@\"%\" identified by ".pass1
GRANT ALL PRIVILIGES ON db_name.* to ".user2."@\"%\" identified by ".pass2
but is there anywhere to restrict privileges inside a table to only a specific subset? Should I carry this out in my PHP code instead? I'm used to object oriented programming, so I am not accustomed to massive tables which hold all the information.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
具体来说,您不能授予对表中某些行的访问权限,而不能授予对其他行的访问权限,这听起来像是您要求做的。
Specifically, you can't grant access to some rows of a table and not others, which sounds like what you are asking to do.
我建议使用 PHP 对应用程序的最终用户进行许可。使用数据库用户来控制访问是一种过时的方法(在我看来),并且在 MySQL/PHP 中很难实现/支持,因为它并不常见。
I recommend doing your permissioning for end-users of your application in PHP. Using database users to control access is an antiquated method (in my opinion) and can be difficult to do/support in MySQL/PHP as its not commonly done.
在 Grant Documentation 中,您需要检查文档以查看您正在寻找哪些具体特权;但是您需要为同一用户的每个单独权限执行多次授予(即,一项用于选择,一项用于更新,等等)。
In the Grant Documentation you'll need to check the docs to see what specific privileges you are looking for; but you'll need to perform multiple grants for the same user for each separate privilege (i.e. one for select, one for update, etc...).