MySQL存储过程权限检查主要点
一、權限相關:
1.修改sql?security?
Sql代碼??
ALTER?PROCEDURE?www?SQL?SECURITY?INVOKER?;??
ALTER?PROCEDURE?www?SQL?SECURITY?DEFINER?;??
(1)MySQL存儲過程是通過指定SQL?SECURITY子句指定執(zhí)行存儲過程的實際用戶;?
(2)如果SQL?SECURITY子句指定為DEFINER,存儲過程將使用存儲過程的DEFINER執(zhí)行存儲過程,驗證調用存儲過程的用戶是否具有存儲過程的execute權限和DEFINER用戶是否具有存儲過程引用的相關對象的權限;?
(3)如果SQL?SECURITY子句指定為INVOKER,那么MySQL將使用當前調用存儲過程的用戶執(zhí)行此過程,并驗證用戶是否具有存儲過程的execute權限和存儲過程引用的相關對象的權限;?
(4)如果不顯示的指定SQL?SECURITY子句,MySQL默認將以DEFINER執(zhí)行存儲過程。?
3.執(zhí)行存儲過程授權?
Sql代碼??
GRANT?EXECUTE?ON?PROCEDURE?test.*?TO?'wtc'@'%';??
GRANT?CREATE?ROUTINE,ALTER?ROUTINE,?SELECT,CREATE,?INSERT,?UPDATE,?DELETE,?EXECUTE??ON?test.*?TO?'wtc'@'%'?IDENTIFIED?BY?'111111'??
CREATE?ROUTINE?:?創(chuàng)建存儲過程的權限?
ALTER?ROUTINE?:?修改存儲過程的權限?
二、實驗:
session?1:
mysql>?show?grants?for?ly@'%';
|?Grants?for?ly@%???????????????????????????????????????????????????????????????????????????????????
|?GRANT?USAGE?ON?*.*?TO?'ly'@'%'?IDENTIFIED?BY?PASSWORD?'*23AE809DDACAF96AF0FD78ED04B6A265E05AA257'?
mysql>?show?create?procedure?hhl.pr_param_in\G
***************************?1.?row?***************************
???????????Procedure:?pr_param_in
????????????sql_mode:?
????Create?Procedure:?CREATE?DEFINER=`root`@`localhost`?PROCEDURE?`pr_param_in`(
???in?id?int??
)
????SQL?SECURITY?DEFINER
begin
??INSERT?INTO?hhl.t??VALUES(1,'hhl');?
end
character_set_client:?latin1
collation_connection:?latin1_swedish_ci
??Database?Collation:?utf8_general_ci
1?row?in?set?(0.00?sec)
grant??execute?on?procedure??hhl.pr_param_in?to?'ly'@'%';
session?2:
mysql??-uly?-p123?-h?1.1.1.5
mysql>?call?hhl.pr_param_in(1);
Query?OK,?1?row?affected?(0.00?sec)
上面?SQL?SECURITY=DEFINER,ly?用戶調用存儲過程是以DEFINER=`root`@`localhost`,即檢查調用者ly是否具有存儲過程的execute權限和DEFINER用戶(`root`@`localhost`)是否具有存儲過程引用的相關對象的權限.
*如果SQL?SECURITY?=INVOKER
session?1?:
mysql>?ALTER?PROCEDURE?hhl.pr_param_in??SQL?SECURITY?INVOKER;
Query?OK,?0?rows?affected?(0.00?sec)
mysql>?show?create?procedure?hhl.pr_param_in\G
***************************?1.?row?***************************
???????????Procedure:?pr_param_in
????????????sql_mode:?
????Create?Procedure:?CREATE?DEFINER=`root`@`localhost`?PROCEDURE?`pr_param_in`(
???in?id?int??
)
????SQL?SECURITY?INVOKER
begin
??INSERT?INTO?hhl.t??VALUES(1,'hhl');?
end
character_set_client:?latin1
collation_connection:?latin1_swedish_ci
??Database?Collation:?utf8_general_ci
1?row?in?set?(0.00?sec)
session?2?:
mysql>?call?hhl.pr_param_in(1);
ERROR?1142?(42000):?INSERT?command?denied?to?user?'ly'@'node5'?for?table?'t'
上面?SQL?SECURITY=INVOKER,ly?用戶調用存儲過程,即檢查ly是否具有存儲過程的execute權限和是否有存儲過程引用的相關對象的權限.?ly?用戶確實沒有對?hhl?庫下的t?表insert權限。
轉載于:https://blog.51cto.com/huanghualiang/1216786
總結
以上是生活随笔為你收集整理的MySQL存储过程权限检查主要点的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 邮件系统磁盘监控脚本
- 下一篇: LDA-Latent Dirichlet