MySQL - 創建、刪除用戶賬戶和授予權限（創建/刪除用戶、授予、顯示授予）。 (MySQL - Create, Delete User Accounts and Grant Privileges (create/drop user, grant, show grants))

字幕列表影片播放

creating these classes requires equipment and service.
Is that cost money?
If you appreciate this education, please think about going to Eli the computer guy dot com and offering a one time or monthly recurring donation.
Welcome back.
As you know, I have Eli, the computer guy, and in today's video, I'm going to be showing you how to create users and my sequel and be able to assign them privileges.
So essentially, privileges and the mice equal world are permissions, So you're going to be allowing your users to be able to do whatever it is that you want them to.
D'oh!
You can assign them all privileges so that they have the ability to in search drop update within your database server, you're gonna sign specific privileges, so you can simply say I only want this user account to be able to select.
So imagine if you're creating a script, or imagine if you're giving user access to your database and you're saying, Hey, I want you to be able to run reports, but I don't want you to be able to add anything.
And I don't want you Mabel update anything.
All I want you to do is be able to be able to just run the reports, then that's how you can assign privileges to allow people to only do the exact things that you want to dio One of cool things in the mice Equal world is you can really get relatively granular and the permissions that you are able to assign different users.
So basically you can give access to everything all tables on all databases and assign that to somebody.
Or you can say all tables in a particular database.
So we have in the lab that we've been doing with a Class D B database and then within that Class D B database, we have a user's table so we could say that this user has the ability to do whatever they want within any tables within the Class D V database.
That's one thing that you could d'oh!
You can assign just a table so they only have access to one particular table.
And one of the cool things is what you can actually also d'oh!
Where they can only have access to one column in one table S O.
This is one of those important things to be thinking about in the world of security.
One of the reasons we have so many issues with hackers in the cybersecurity world is frankly, a lot of our infrastructure is not built with the security that is already built into the system.
Again, if you're thinking about doing something like a sequel injection attack on and you're using some type of Web page in order to try to hack into a database server, well, the fact of the matter is, is this is if you restrict the permissions so that the user account that that script is attacked two can only do select or can even on Lee do select on a one particular column on one table?
The fact of the matter is, the attack surface that is that a hacker may go after just simply becomes a lot smaller.
And so what?
I'm gonna be showing you today's again how to create these user accounts, how to assign the privileges and get a little bit into things like revoking privileges and that type of thing.
So, as I said many times before warning order, will Robinson or need warning s o the things that I'm going to be TIF you do today are a very small subset of the security that you're able to do in a my sequel database server.
It is amazing literally how much security is actually built into my sequel database server, and you could probably do a whole 10 hour class just going over all the different security features that are available.
So what I'm going to be doing is I'm going to be showing you a small subset of what you are able to dio.
This will allow you to be him to create user accounts, to be able to sign those user accounts permissions be able to do all of these basic tasks.
If you're interested in learning more about database security, Obviously there is a lot more out on the Web and almost likely be doing another video in the future.
So again, if you're an old timer and you come in here like aah, you lie allies, barely barely scraping the surface of all the security that that's possible of my sequel.
You would be correct, because if I scream for more than the surface, a lot of people are gonna get frustrated.
Their heads are gonna explode and then they're going to go home, and I don't want people to give up on my watch.
If you're gonna give up, give up later, look later.
What time did Ugo I'm trying to keep you in the loop of trying Thio keep you feeling confident, but it is important.
Understand?
Again if you think about putting on my sequel database server into what is called a production environment.
So he's talking about production environment that's actually putting into a server room that's actually having your users be able to access it.
And again, if your users are actually being able to access it, that means the Internet.
Basically, the network is able to access it.
If you're going to be creating a production server, do look Maura into security again.
What I'm talking about today is very, very, very, very simplistic on.
It might leave you open to possible hacking, hacking attacks if you don't walk down your server more.
What I'm teaching you is great for the lab environment again.
Do some more research if you're actually gonna put this into a server room.
So now that I've given you the warnings and we've done the introduction, let's go over to the computer so I can show you how this stuff actually works.
So here we are, back at my lab system again, I'm using a Mac book pro.
I have a virtual box installed, a Mac book pro within a virtual machine on virtual box.
I have gone to desktop 18.4 because I want that graphical user environment as we do Maur Mork classes on this track that gooey will be useful to us on.
So, basically, this is the environment that we're running in.
I used a task cell to be able install the full lamp stack of passion, my sequel and PHP.
And so with that, let's go down here, show applications.
You go to the search, you type in terminal on.
Then you open up the terminal s.
So now we are in to the terminal, and at this point, we're going to log in to my sequel again.
If you are coming into this, this a Siri's brand new.
I'm longing in a little bit differently than you normally should, because we do not have user accounts created yet.
I want to show how to create a database and a table and insert records to do all that kind of stuff before I got into the user accounts before I got into the security s O.
If you're new to all this, if you have an actual user account that allows you to have all privileges within your bicycle database server, then log in the normal way.
So the normal way of logging it would be my sequel Space ifit you user name, space hyphen P.
So that's how you normally log in to my secret database server again.
We're not doing that because I have my own way of t s.
So we're going to do Sudo my sequel.
123456 Super secret password.
And we're now in my sequel.
So again, doing pseudo my sequel.
What this does is this.
Log this in as the actual route user.
So So we have full access to the database eso past this we're gonna do is going to control l clear everything out.
So the first thing that we need to do is take a look at the user's table.
So if we do select and what we're actually doing press select two columns out of users table select user comma and then host.
So these air two different columns out of the user table within the my single database.
We're gonna select the user column and the host column from, uh, my sequel dot user.
Right?
So my sequel is the database.
So my single database and went into my single database is the user table.
So this is default, right?
So every single my single database server will have this.
And so this is where the user account information is stored on.
We're going to semi Colon Godo semi colon, and then we're going to hit her.
That's basically what we see here is we see user and we see host.
We have Debbie in haIf insists my sequel, That Session I sequel, Assists and Root, and you can see over here for host.
We see local host right on DSO Host is one of those things we will get into Maurin a different class.
This is important with security for from a different from a different standpoint, but the important thing to realize with user accounts, so like when you're along in it and when you're using a user account within my sequel database server basically your user name, and the host is combined in order to create your user account.
So if you had Tim at local host, that would be a different user account than simply Tim without any host which will be a different user account than Tim at 192.168 not 1.4.
So, basically, when you're when you're identifying user account, the you have the user name and the host come together to actually create that user account.
So this is one of those things again.
It gets a little bit complicated.
We're just going to be dealing with a local host for the host today.
But it's something something to keep in mind.
It was okay, so we have We can see we have user, we have root and we have host.
So the first thing that we want to do is we actually want to create a user now.
So you're going to create a user Bob, right?
Because, hey, Bub has to be part of my sequel server.
So we're gonna just simply create a user turns to create user, and then we're going to do is we're going to a single quotation Mark Bob Close.
Single quotation mark at single quotation Mark local host.
Now, do not finger this.
Make sure all of that is right.
So we're going to create a user.
So, Bob, So that's gonna be the user name and the host is going to be a local hopes.
So, Bob at local host on, then what we're going to do is we're gonna say aye identified by.
And so what this is is we're basically saying, What?
The password for this user ISS And so we're gonna say, identified by single quotation Mark And then whatever your password is 123456 Because I'm super cool of security that way.
So create a user bob at local host identified by 1234560 remember, do all those little single quotation marks or you'll run into problems and then we're going to do is we're going to do this Semi colon on.
We're going to run, And then a query.
Okay.
Zero was affected.
Blah, blah.
So we just, uh, go up.
So select user host from my sequel, not user.
And then we hit inner.
And then now we can see so up at the top is Bob with the host of local hope.
So we now have a bob account.
Here s 01 of the things that we can do is we can look at what privileges this bob account has.
Yes, we do.
Control.
Elegant and so doing control l clears a screen.
And so now we can do is do something called show grants.
So show grants says, Show me the privileges of a particular user.
So show grants four.
Then we say Bob at local host.
Right?
So show, show the privileges for Bob at local host.
Now we do semi colon.
Then we hit Enter.
And so we say grants for Bob at local host Grant usage on star dot star.
So we're looking at this The first star here.
Basically, when we're looking at naming convention Ana my secret out of a server.
The first part is the database itself sodomized my sequel or class D d b, whatever else the database is first, then you have a dot and then after that is the tables.
So, uh, so my sequel dot user is the user table in the my sequel database.
ah, user or I'm sorry, Class D b dot user is the user table in the class database.
And so basically, what we're saying here is grant usage.
So usage basically just means you can log in on all databases and all tables to Bob at local host.
So that shows me what the privileges for this bob account are.
Now, if I'm long in with a user account and I want to know what my particular privileges are, I can do show grants and all I do is show grants.
You don't have to do the four.
Yes, you're logged.
It is you.
Then I do semicolon.
And then I hit her.
And so I didn't see.
I could see who I'm Longan is.
So Groot grants for route at local host.
And so I have grant all privileges.
So I have all privileges.
All privileges is one of the privileges on star dot star.
So all databases dot all tables to root at local host and that there's something here called with grant options.
So basically, what with grant option is is that this user account is actually able to give privileges to other user accounts, right?
So again.
So, like with Bob, were about to give privileges to Bob.
The reason I'm able to give privileges to Bob is because I have this with grant options again.
As I talk about before we start talking about permissions and all that, they're a crap ton of permissions.
If we go over to my sequel, dabbed up my sequel dot com, and we actually look at the privileges provided we can go and we can see that there are just a crap ton.
So there's all altar create, create roll, great temporary tables, drop drop roll grant option process references, reload super trigger update.
And then you come down here to these other ones.
Set user I d roll admit that kind of thing on.
So the important thing to be thinking about with the privileges that we're going to be talking about today is we're only going to giving the privileges that we have used up until this point so we can do the insert privilege.
We could do the update privilege.
You do the altar privilege, we could do the select privilege, right?
So those are the basics.
But if you want to get Maur into weeds, with it.
Just realize that there are a hell of a lot more privileges that you can actually give user accounts.
So So now Now we have a bob user.
So all you have to do is, you know, create create user.
We created the user.
We now see what permissions the privileges the different user accounts have.
So now I want to assign privileges to that.
Bob Accounts.
Let me do control.
Elegant.
So that is going to clear the screen.
So now let's think about what privilege we want to give Bob on this particular server.
So let's say we want to give Bob the select privilege to all databases.
All tables on the service of Basically Bob can go in, and he will be able to be a bit run reports from any database in any table on the server.
So what we're going to d'oh is we're going to say Grant select.
So Grant there are the select.
That's what actually allows you to be able to pull information out of the database.
So we say Grant, select on on star dot star.
So basically on says what database?
What table star?
So any So we start with the databases.
So any database dot any table rights, we're going to grant a select privilege on dhe.
Then we're going to say to two Bob at local post, and they were gonna close that with a semicolon.
So, Grant, select permission on all databases, all tables within those databases to Bob at local host.
Then we're gonna hit Enter Query.
Okay, So now what I can do is I could do a show grants for Bob at local host.
And what we can see here now is grants.
So the grant selected so select on all databases, all tables to bomb at local host.
So that is but permission he currently has.
So now let's say what if we want what do we want him to have some Maur ability.
So let's say go in and be able to insert records.
So we want Bob to be able to insert records within the class D B users table that we created before.
So what we can do here is we can say Grant, insert on.
And then we have that class D B that we've used in previous videos.
So Class D B and then within class D D.
There's a user's table, so we want him to be a bit insert records into the user's table.
And then all we do is we say to Bob at local host, and we do semi colon.
So now he will be able to insert records onto the user's table of the class database.
Okay, so then we do show grants for Bob at local host, and so now we can see so he can do select.
You could do select on any table of any database, but he's only able to insert on the user's table within the class database.
Now what do we want him to do?
Like updates.
But we want to know is like, you know, I'm saying like, Okay, we want Bobby up up today, but you always got You always gotta be careful about employees.
We don't want them updating stupid things, right?
So with that users table that we had before, we know that we have names.
We know that we have ages, and we know that we have genders, right?
So let's go in.
We do use Class D B, and then we could do describe users so it's the user's table, right?
And so we pulled this up so we can see what the user's table is.
So the user i d user, I d.
This is this is the identifier for all user accounts.
We do not want Bob to go anywhere near the user.
I d.
Bob screws up the user idea.
He could screw up the entire database.
No name.
There's no reason that bomb should be able to modify a name within this table.
A database, right?
Names aren't gonna check, so that should be That should stay as it is.
And then you look and you go egg.
We'll think about that like kids grow older, right?
So you may want Bob to be update the age of the people within the database.
Gender?
Yeah, that's it.
We're just going to stay away from that one.
We know now where these three is not gonna go there.
Take a look at it.
We go.
OK, What what showed Bob be able to pump a day on this particular table?
So we say Bob should be able to update age, and that's it.
So we'll do control l to be clear the screen.
And now we're going to do is we're going to give him the update privilege, but only on the age column within the user's table within the mice within the class database.
So we're gonna do is where I say grant up, Yeah, up date and then here in his open parentheses.
And then we're going to say what column?
We're going to say The age column.
So grant the update privilege.
So the update privilege means you're able to modify a record on, but we're going to say on class D b dot users.
So this is where the columnists, this is where you define the database and this is where you define the tables.
Uh, then all you do is you do to Bob at local host, and then you do semi colon.
And so this will grant Bob at local host the ability to update the age of the user's table in the class database and nothing else.
Nothing else at all.
We could enter.
Thank going again.
When you're typing at all this stuff, it's really easy to fat figure things out.
Uh, okay, so then what we're gonna do is you're on the show grants for Bob at blue cool host.
So my colon inner And so now we have Grant select on start out star.
So everything grant insert eso insert is for the entire users table of the class database up day only the age column for the user's table of the class database to Bob at local hoops.
So now you can see these are the permissions that Bob actually has.
Now, you sit here.
You're like, Oh, oh, I don't know if I want him to be able to insert records, right?
It's like, Oh, do I really want Bob to be able to insert records?
That kind of makes me a little bit nervous, So why don't why don't I revoke his ability to be a concert records we want Bob.
We want Bob to be able to update the age within the user's table, but we don't want Bob to be able to actually insert records into the user's table.
Maybe that was a dumb idea.
We'll clear the screen.
And so now we're going to do is we're going to simply revoke the permissions.
So, in order to revoke the privilege, all you do is you do revoke, and then you do insert they say on and then whatever it is s o Class D, B, uh, users.
And then you say, um from and then who you're you're getting a front.
So Bob at local its goal host, right semicolon.
So revoke the insert privilege on class dot TV users to the user's table within the class D V database from Bob at local host.
And then we hit.
Enter query.
Okay, zeros effective, blah, blah.
And then what we could do here is now a new show.
Brands for Bob at local host, semi colon hit, Enter.
And so now he has the select ability on all tables and all databases, but he now only has the update ability on the age column within the user's table of the class D B to the class database.
And so that's how I showed you to create a user account that I showed you how to give privileges to that user account.
And then that's it.
Then I showed you how to revoke privileges from user account again when you want to take a look at all privileges is all the privileges is the privileges, but the main ones that you should be worried about at this time again is create drop, delete, insert, select or update.
Right then there's a final one called All Privileges.
So if we want to create a user account and give them all privileges, so this way they can do whatever they want so they can update.
They can delete.
They can do everything.
Let's create a new user.
So let's create user.
Um, Sue.
What's calm soup?
Call her Sir Tsu at local host.
So remember those single quotation marks identified by and then super secret password.
123456 Close semicolon.
Right, So create user single quotation marks.
Sue.
What if the name the user is closing with tradition market?
The at symbol open.
Single quotation mark.
Local host closed.
Single quotation mark, then identified by this sets the password single quotation mark.
Then whatever the password is closing old tradition Mark and then we do some might call it.
Okay, so we now have a sou sa.
We do select, uh, user post from my sequel dot user table.
And then we could see Michael it.
We can see we now have a bob account, and we now have a sou account both at local host.
Now, if I do control, I'll do control l to clear the screen.
So now I want to give all privileges to the Sioux account.
So basically, what we're gonna do is we're gonna make sue a super user account.
So we're going to give her all privileges to all tables in all databases, and we're also going to do the with grant options.
So that means that she's actually able to give privileges to other users within this database error.
So what we're going to do is we're gonna do Oh, uh, Grant all.
Hey, we got supposed P r I V i l e g e s.
I do have to say I don't know what it is with privileges.
I can just not spell privilege.
It's probably weird joke.
In a way, it's really hard to spell.
I keep I keep getting stupid on where the eyes where the keys are but anyways ran all pro.
So all privileges is basically if you're used to the Windows world, this will be full control Grant basically full control all privileges on And then we say, What what we want it on we can do a single database so we could simply do class.
Uh, we do on you.
D'oh Class d be dust star.
So this will be within the class D B database.
She would have all privileges at all tables within the class TV database.
Or we could say the user's table so we can give her all privileges on the user's table and the class D V database, right?
We could do all that stuff.
We're just gonna make this easy and just Theo People fashion star star.
So all tables in all databases, obviously, that means also all columns they were going to say to that we're going to say Sue at local host.
So again, just saying who it is.
And then from there we don't do is we type with grant option, right?
So with the with grant option, this means this user account will be able to give privileges to other user accounts.
So grant all privileges on all tables and all that the bases to sue at local host with the grant option.
Then we're going to enter.
Hey, now she has all these privileges.
So how do you show branch for Sue at local host.
We can see Grant all privileges on star dot stars to sue at local host with Grant option.
So now let's see about logging in.
Let's try to log in as soon, right?
We've been longing end up until this point using the suit New Way, the pseudo of my sequel that logs us in as the root root account.
But let's now start actually using a normal user account so we could do.
Is we just simply typing exit?
And there we are.
So this is back.
We're now officially back at the Lenox screen again.
This is one thing that could be very confusing, especially for new people in the whole command line.
World is knowing what command line your head when you see them.
I see when you see this, my sequel, this means you're in and the mice equal command line.
When you see a prop, something like this.
This means you're in the Lenox command line, so just make sure you know what command line anyone's past that now.
What we're able to do is instead of doing studio of my sequel the way we've been doing things in the past now, we can actually do my sequel space hyphen you for user name.
We're just going to say Sue space hyphen P ask for a password so we don't hit.
Enter 123456 We hit Enter and now we are officially along.
And so Sue at local host were actually at the local host.
So all we had to do was typed in Su.
Then we type in the password, and now we are in and we can do all the normal stuff that we were doing before we D'oh show that basis we see the databases, we could use class D.
B s.
So we're now in class TV video Select.
Let's see, all from users.
No, that's a nifty set.
Well, never mind.
I guess I got rid of all the user information in the user's account.
We could go back so we could d'oh select oh, user from my sequel dot user.
So that's my sequel database the user table with my single database.
So Sue actually has ability to look at that enter.
And so now Sue can see Bob and her in her own name.
The whole nine yards now, being long in a suit you control elegant, clear the screen.
I can also do the show grants.
Right.
So this is gonna be an important thing.
Like it's very important in the command line, world and Lennox and my secret world is knowing what permissions you have to do things.
If you try to take actions and you don't not have the proper permissions, then obviously it's not gonna work.
So doing things like show grants is a useful tool just to make sure you have the permission.
Do you think you have to show grants?
And now again, when you do show grants, just show Grant's not show grants.
Four.
We just to show grants that will show you what your privileges are so we can see.
Okay, Sue, I'm logging a Sioux have all privileges on all databases, cat tables and obviously columns with the grant option.
So the final thing that I have to show you is simply how to be able to delete a user or again into my sequel world.
We will be a dropping a user.
So let me clear the screen.
And then the first thing we need to do is select ah user host from my sequel dot user table.
All right, so this is going to show us all the users and the host.
So remember, we're doing something like dropping.
We need to connect the user name and the host and that all becomes one.
Identify her that we're going to be using eso.
Let's say we're sitting here and we're long in a suit so we can't get rid of soup.
But we do have Bob, right?
Let's get rid of Bob soon.
Never really liked Bob.
That's what we do is we can simply you drop and then we say, User, and then we say Bob at local host.
And then we do semi Colon, and this will get rid of Bob.
It's query.
Okay, Zeros effective, blah, blah, blah.
So then would you select and then a user host, um, from my sequel dot user table and they're ago.
So now Bob is gone, and the other important thing to realize here is again we're still a log in as the Sioux account.
So sue, because we gave Sue all privileges, Sue is able to do things such as be able to drop drop Bob from from the my sequel table.
So again, So Sue was given all privileges to all databases, all tables.
So the my sequel database that that database is just a normal database.
The user's table within that database is just a normal users table.
So since I did start Star, that means her user account is actually able to delete users out of that particular table again.
This is something where you really have to be thinking from a security standpoint.
Do you really want to give anybody all privileges to start out star again?
Maybe maybe the administrator account, right?
If you have a a super user account, you want to give them all privileges to start out star.
But this is an example of why you really need to think about and say, Well, no, I want to give all privileges Thio two class D b A dot star.
So all tables within the Class D B database.
So some of those things to think about So now you know how to create a user, you know, how do you give privileges to everything to a single database to a single table within a database you into a single column within a table within a database.
I've shown you how to be able to revoke those privileges.
I'm showing you been able to how to see the privileges again.
Show grants will show you what privileges you have.
And I've shown you how to drop Basically be able to delete a user.
And so this is the basics of what's required for user accounts and security in the mice equal world.
So there you go.
Now you know how to create users.
You know how to give them privileges, you know how to revoke their privileges.
You know how to give them.
You know, rather refined privileges all the way down to a single column on a single table in a single database on some of this could be very valuable again.
This is an important thing to be thinking about from a security standpoint, especially when you start creating scripts.
Basically start creating those front ends to be of interacting or my sequel database is remember again if a hacker tries to use something like what's called a sequel, injection, attack or different types of attack, if the user account that they're essentially trying to hijack simply doesn't have the permissions to do the attacks that they're trying to D'oh!
It's gonna fail out again.
Like if you if you create a front end and all that front end is going to do is it's going toe, you know, pull a report from a particular table within your database.
Then why in the hell would you give, uh, the user account?
That script is going to use the permission to insert or the permission to update or the permission for holy hell to drop right?
If you're going to have a front end and all that's going to do is be able to pull a report, then basically give that front end basically the user account that that front end is using, give it the permission to be able to do select statements on a specific table in a specific database.
And that's it, even of a hacker is able to compromise your script that front end and be able to try to do some kind of injection attacks or something else.
It's just not gonna work is literally that user account is not going to have the permissions.
So these are some things to be thinking about now a final thing a final thing again.
I was talking about these different, uh, these different users again, where you can have Tim as a user and you can have Tim at local host as a user and Tim at something else to the user.
Let me just go out of the computer again just to kind of show you how you can create a bit of a mess with this.
That's something that we will talk about in the future.
If you're gonna be creating user accounts right now, simply create the name at local host and go from there.
But I do want to show you where there can be a bit of a mess, especially if you're coming in behind somebody else on.
They've created user accounts on You're my single database server.
I want to show you why there might be a few problems.
So let's go back to the computer again for a second.
Okay, so let's clear the screen.
Uh, let's let's create a couple of user accounts, right?
So we're going to do this.
Let's say, for a Nancy, we're going to create a user, Nancy.
So So it's a create user single quotation mark and all we're gonna do this time we're gonna do.
Nancy, um, they were going Thio.
Identify five by 123456 Right.
So, again, notice there is no at local host here.
There's nothing else.
We're simply going to create a user Nancy identified by 123456 And then we're going to do the semi colon zeros affected.
Then what we're gonna do is write, create user, and they're gonna do, uh, Nancy again.
But then we're going to add at local host.
You got to do That's those two those single quotation marks.
And then for this, we're gonna be identified by 123456 and then we do semicolon head enter.
Okay, is you're always affected.
So that's also there.
And that's a, uh, create a user.
Uh, Nancy, that, uh, 19216812 I identify fight by 23456 Right.
So these air three different Nancy's gonna enter.
Okay, so all of those went through.
And so this is one of those things where you have to be looking at that host when you do a select from the user table within the my secret database.
You also try to grab the host information because if all we do here is we just simply do select user from, uh, my sequel users table, user table do semi colon.
Then what we're going to see is we actually have three different Nancy's here and again, life can get really miserable because remember, these are entirely different accounts.
So you can put different privileges on these different accounts.
And so that's why it's important that you understand that the actual identify WR for a user within my sequel is the user name plus the host.
So if you d'oh select and then we do user comma post from my sequel Die user table Now we can see So, Nancy So this is user Nancy host this little percent sign.
Basically, it means this user account can log in from anywhere.
So with my sequel was kind of really cool is you're gonna log in at the local host, you can actually law get remote legs, you can log in from somewhere else.
So what we have here is this person can long in from anywhere they can log in from local host.
They can log in remotely whole nine yards.
This Nancy here, this Nancy is actually only able to law again from the i p address.
1 19 168 hours.
One night, too.
So if you want somebody to have remote access to be able to manage this particular database and information within the database, you could actually give Nancy, uh, the host name one eye to know once extended wanted to.
So Nancy will be able to law again, but only from that I p address or than we have.
Nancy down here on the Nancy is only this Nancy is only able to log in locally by the important thing here is these different ANSI accounts.
They can have different passwords.
They can have different privileges.
Basically, they're entirely different accounts.
So you do have to be careful about this.
The other thing that makes us all really squirrely.
And again, why?
I don't want to get too far down the rabbit hole with this is now you're sitting there going.
Okay, Well, well, then if if they could only log in remotely or they Onley log in from a particular I P address you know, how does that work for security when it comes to things like scripts?
Or how does it come in with sshh?
And that's where you start getting too weird things with us again.
You have to think about like, these technologies of these products of the security.
So if you log in with s s age, you can use a local host user account to log in with us a safe because S s a is essentially, even though you're remotely your remotely connecting locally.
And so once you're in sssh, you're locals of the local host works again.
If you're using a script with permissions that's actually happy and locally So even though, yeah, it is kind of sort of remote.
As far as my sequel database server is concerned, it's actually local.
So when you're looking at this, this is using the my sequel server being able to log in to a remote database server.
So again, this gets a bit score like, the main thing that I want to show you is that there is this possibility.
So if you're running into weird things with user names, it might be that you actually have multiple accounts that you and again you're you're logging in, you know, under weird circumstances.
So this is just something to keep in mind again.
If you run into this problem, do a little bit more research on it.
We'll talk about it in another, another video.
But this this can be a bit confusing.
And so there you go.
There.
Now you know, now you know the whole creating users dealing with privileges the whole nine yards on a my sequel databases over again there as a lot that can go into this.
But for your particular level, understanding what I showed you today will make your life easier again whenever you're going to creating user accounts.
Where you're at now, I would argue, should create those local host accounts.
So, you know, single quotation Mark Bob closing all quotation mark at single quotation mark Local host Close single quotation mark identified by again.
You can create user accounts for us.
A specific I p addresses.
You can create user accounts where people can log in remotely.
But if you do that, you might start running into some weird problems when you try to do things like a logging in It was kind of interesting because I've been hammering the hell out of this little mice equal that of a server in order to do these these classes, right?
So I create user accounts.
I delete user accounts and create all kinds of and yeah, I found I found some weird places.
I found some weird places where if you screw around with the user table too much, your user accounts actually won't be able to log into the my sequel database server, and you run into some problems that way.
There's some interesting things.
If you go when you do some further research about how my sequel actually parse, is that users table for when people try to low again and how that whole password process works and I'll say, is if you if you start nothing too much into the user's table, you start doing a lot of modifications, that type of thing.
You could run into some really quirks.
And so if you get to the point where for some reason the user account that you created is not ableto long in your database server, what I would argue that the simple way to troubleshoot into this Point says, this is all Lab is basically delete all the user accounts that you created and then recreate the user accounts and should be able to fix the problem.
But again, if you're dealing with a real production server, you may have to do some Google searching.
I just realized the issue that you may run into is there Is this basically how my sequel parses that table When you go to law again, you can run into some really weird, quirky problems there.
So just one of those things to keep in mind.
Uh, so now you know a little bit about security.
Go, go play.
Make sure again, If you're using enough, it yours in virtual box or whatever.
Clone your machine clone.
You're my secret database server.
Before you go to play, go play, start messing around with counts.
Start messing around with privileges, See what you're able to do.
See what you're not able to dio, because, again, this type of security this time of security would solve so many problems again.
You hear you hear about like how we need more cyber security experts.
A lot of people say we need more cyber security experts.
I say we need better, Better administrators again.
Good.
Good.
Security is a byproduct of good administration, right?
So when you're building out, your infrastructure is just is just thinking about basic things again.
If you have a front end where people are going to be pulling reports from your database server, just simply ask yourself, why would you give the user account that is accessing your my single database server?
Why would it have the ability to update?
Why will have the ability to drop?
Why would it have the ability to do anything other than select on the specific tables that you give it permission to select?
Right?
The big problem with security is that people just you piss poor administration again.
You create a user account that has all privileges within your database, and then you have your users using a front end, and they're all they're doing is pulling a report.
But if a hacker is able to give in, and basically they're they're able to hijack Jack that session, they're able to hijack the communication.
They could then start in certain records, update your records dropping records because the user account that you're using has the permission, has the privilege to do that.
That is why the hacker is able to do the things that they are.
If you simply revoke all of those privileges from the user account that's accessing the database server, then then the hacker again, even if the hacker is able to hijack the credentials, is able to hijack that user account in order to get the database error.
It doesn't matter, because literally the only permission that use their has is the ability to select.
Or again, I say, if you're going to update, get minimum, minimizing the risk, minimizing the rest.
If you're going to have a front end or if you're going to have a user account.
And again they need the update specific columns within the table, then only give them permission to update those specific columns so they're able to to update.
You know, the the age call, and that's it.
They shouldn't be updating names they shouldn't be updating.
Cantor's right name and gender should be at his own story, but basically those should be permanent.
The only person that should be able to tweak age or gender is maybe some true super user that could go in and modify things on a case by case basis.
But in general, a standard user account should be able to modify the ages, and that's it.
So again, if a hacker gets in and they start getting stupid, maybe they can screw around with people's ages.
Which again, what suck?
I'm actually not tryingto if somebody went in and completely screwed up all the ages, for for all the people in your user database, it may take a while to clean that up.
But it's not going to be catastrophic, right?
When so many times when we see the hacking attacks that are catastrophic against database servers, it's simply because the permissions that were provided to that front and interface were.
So we're so why they were granted it so much that when the hacker was able to get in, they were able to grab everything.
So these are some of the things you really need to be thinking about again, especially when you start thinking about putting something into a production environment.
Really think about what the user accounts actually need, What do they need and really refine it down again?
Down to the columns think about that even with, like, select again specific, specific tables specific only being a pull information from specific columns.
So why, If you have Social Security numbers, if you have credit card numbers, why why would a front end be using a user account that even has the ability to be able to select and be able to read credit card information?
You should you should simply revoke.
Right again.
It can select names.
Maybe can selected dresses something like that, but credit card information and Social Security numbers and that type of thing that shouldn't even be accessible from the user account that that front end is using.
So these are some things to be thinking about when you're building out your infrastructure.
When you're building your system again, go play with it.
There are a lot of privileges out there again.
My sequel, Database Server, is actually very sophisticated piece of software, so there are a lot of privileges out there.
There's a lot of things that you could d'oh, but for you in general, all privileges.
So if you grant all privileges, that gives the ability to create, drop, delete, insert, select and update, So those were the standard privileges that a normal person is going to use on.
Then you have those privileges and then with what's called the whip grant options.
So with Grant option allows that user account to being to give permissions for privileges to other user accounts s so that's added on the back.
So here you go.
There are some things I hope it all makes sense, but it makes sense.
When you get the security, you get two things like user accounts and security.
That's that's That's an easy way to lose people.
So we will talk about this more in the future again.
We'll talk about Maura about hardening the database server.
We'll talk about those remote accounts and those types of things, But with what I show you right now, you should be able to start and and be able to play around with my single database server and actually do some interesting things.
So, as always, I enjoy doing this video and look for to see on the next one.
Apparently, the type of content you just saw is not what Susan W.
Wants for the future of YouTube.
This means that recommendations by YouTube to this channel have dropped massively and views are becoming a comically small I hate to ask.
I used to say I would never ask, but if you could subscribe like common and most importantly, share the videos that you appreciate, that may help slow the death of this channel.
Do you remember that?
If anything at all happens to this channel, you can go to Eli, the computer guy dot com, to view the content and access information not available on YouTube.