MySQL学习笔记1 Socket
前提: 数据库进程必须存在,并且必须创建和授权localhost相关用户
[root@db01 ~]# ll /tmp/mysql.sock srwxrwxrwx. 1 mysql mysql 0 Mar 1 02:05 /tmp/mysql.sock mysql> create user oldguo@'localhost' identified by '123'; mysql> grant all on *.* to oldguo@'localhost' with grant option; [root@db01 ~ ]# mysql -uoldguo -p123 -S /tmp/mysql.sock
2 TCP/IP
前提: 必须创建和授权远程网段相关用户
mysql> create user oldguo@'10.0.0.%' identified by '123'; mysql> grant all on *.* to oldguo@'10.0.0.%' with grant option; [root@db01 ~ ]# mysql -uoldguo -p123456 -h 10.0.0.51 -P3306
如何查看和监控连接情况:
show processlist; select * from information_schema.processlist\G
3 客户端工具
sqlyog navicat workbench 注意: 1、生产中不要用绿色版软件 2、 mysql_native_password插件 root开启允许远程登录 修改host值: mysql>use mysql; mysql>update user set host = '%' where user = 'root'; 表示选择mysql,修改其中root的host值。这里的**%**表示任意IP地址/主机,也可以改为指定的IP地址 授权从任意主机登录: mysql>grant all privileges on *.* to 'root'@'%' identified by '123' with grant option; mysql>flush privileges; 表示允许root用户使用密码123从任意一台主机登录到MySQL数据库服务器。其中%可以改为指定IP地址,表示只允许root从指定的IP地址连接数据库
4 基于SSL的安全连接
mysql> show variables like '%ssl%'; +--------------------+-----------------+ | Variable_name | Value | +--------------------+-----------------+ | have_openssl | YES | | have_ssl | YES | | mysqlx_ssl_ca | | | mysqlx_ssl_capath | | | mysqlx_ssl_cert | | | mysqlx_ssl_cipher | | | mysqlx_ssl_crl | | | mysqlx_ssl_crlpath | | | mysqlx_ssl_key | | | ssl_ca | ca.pem | | ssl_capath | | | ssl_cert | server-cert.pem | | ssl_cipher | | | ssl_crl | | | ssl_crlpath | | | ssl_fips_mode | OFF | | ssl_key | server-key.pem | +--------------------+-----------------+ 17 rows in set (0.01 sec) [root@db01 data]# mysql_ssl_rsa_setup [root@db01 ~]# ll /data/3306/data -rw-r--r--. 1 mysql mysql 1112 Feb 22 01:08 client-cert.pem -rw-------. 1 mysql mysql 1680 Feb 22 01:08 client-key.pem [root@db01 ~]# mysql -uoldguo -p123 -h10.0.0.51 --ssl-cert=/data/3306/data/client-cert.pem -- ssl-key=/data/3306/data/client-key.pem