[Fwd: Re: Please reply to user and bugs@ ... list]
am 05.11.2003 10:09:41 von Sergey Glukhov--------------010105070303080807010003
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
--------------010105070303080807010003
Content-Type: message/rfc822;
name="Re: Please reply to user and bugs@ ... list"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="Re: Please reply to user and bugs@ ... list"
Message-ID: <3FA8BAD3.6020501@mysql.com>
Date: Wed, 05 Nov 2003 12:54:43 +0400
From: Sergey Glukhov
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030701
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Sinisa Milivojevic
CC: bugs@lists.mysql.com
Subject: Re: Please reply to user and bugs@ ... list
References: <16295.46727.747198.870400@sinisa.nasamreza.org>
In-Reply-To: <16295.46727.747198.870400@sinisa.nasamreza.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sinisa Milivojevic wrote:
>
> ------------------------------------------------------------ ------------
>
> Subject:
> Problems with accessing mysql with/without ssl.
> From:
> Arkadiusz Miskiewicz
> Date:
> Tue, 4 Nov 2003 14:13:48 +0100
> To:
> bugs@lists.mysql.com
>
>
> I have some db - ''somedb".
>
> GRANT ALL PRIVILEGES ON somedb.* TO 'user'@'%' identified by 'pass_1'
> GRANT ALL PRIVILEGES ON somedb.* TO 'user'@'1.2.3.%' identified by 'pass_2'
>
> and now I can connect to database only from '1.2.3.%' with 'pass_2'.
>
> Weird but logical way would be if I'm matching 1.2.3.% then check for pass_2
> and if not then check for pass_1. Same applies to ,,REQUIRE SSL'' rules.
Please refer to manual:
http://www.mysql.com/doc/en/Request_access.html.
There is good decription how setup privileges using 'host' table.
Below is exapmle how you can setup connections from different hosts:
GRANT ALL PRIVILEGES ON somedb.* TO 'user'@'%' identified by 'pass_1';
GRANT ALL PRIVILEGES ON somedb.* TO 'user'@'1.2.3.%' identified by
'pass_2';
use mysql;
/* We need only one record in db table with epmty 'host' field */
delete from db where db='somedb' and user='user' and host= '1.2.3.%';
update db set host= '' where db='somedb' and user= 'user';
insert into host values ('1.2.3.%', 'somedb', 'Y', 'Y', 'Y', 'Y',
'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y');
insert into host values ('%', 'somedb', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y',
'Y', 'Y', 'Y', 'Y', 'Y', 'Y');
flush privileges;
So now you can setup connenction using user='user',host='%' and
pass= 'pass_1' to 'somedb' or user='user',host='1.2.3.%' and
pass= 'pass_2' to 'somedb'.
>
> For example now I don't see a way to give some user permission to connect to
> my database from local network without using SSL and from other networks with
> SSL only... something like
>
> GRANT ALL PRIVILEGES ON somedb.* TO 'user'@'%' identified by 'pass_1' REQUIRE
> SSL
> GRANT ALL PRIVILEGES ON somedb.* TO 'user'@'192.168.0.%' identified by
> 'pass_1'
The same for ssl connections.
>
> Also plase look at http://lists.mysql.com/bugs/14331. The issue is still there
> in 4.0.16.
Please refer to manual:
http://www.mysql.com/doc/en/SSL_options.html.
About possibility of only crypted connection without key/cert
authentification. I think we will add this feature in next releases.
Regards,
Gluh
--------------010105070303080807010003
Content-Type: text/plain; charset=us-ascii
--
MySQL Bugs Mailing List
For list archives: http://lists.mysql.com/bugs
To unsubscribe: http://lists.mysql.com/bugs?unsub=gcdmb-bugs@m.gmane.org
--------------010105070303080807010003--