Re: Please reply to user and bugs@ ... list

Re: Please reply to user and bugs@ ... list

am 05.11.2003 09:54:43 von Sergey Glukhov

Sinisa Milivojevic wrote:
>
> ------------------------------------------------------------ ------------
>
> Subject:
> Problems with accessing mysql with/without ssl.
> From:
> Arkadiusz Miskiewicz
> Date:
> Tue, 4 Nov 2003 14:13:48 +0100
> To:
> bugs@lists.mysql.com
>
>
> I have some db - ''somedb".
>
> GRANT ALL PRIVILEGES ON somedb.* TO 'user'@'%' identified by 'pass_1'
> GRANT ALL PRIVILEGES ON somedb.* TO 'user'@'1.2.3.%' identified by 'pass_2'
>
> and now I can connect to database only from '1.2.3.%' with 'pass_2'.
>
> Weird but logical way would be if I'm matching 1.2.3.% then check for pass_2
> and if not then check for pass_1. Same applies to ,,REQUIRE SSL'' rules.

Please refer to manual:
http://www.mysql.com/doc/en/Request_access.html.
There is good decription how setup privileges using 'host' table.
Below is exapmle how you can setup connections from different hosts:

GRANT ALL PRIVILEGES ON somedb.* TO 'user'@'%' identified by 'pass_1';
GRANT ALL PRIVILEGES ON somedb.* TO 'user'@'1.2.3.%' identified by
'pass_2';
use mysql;

/* We need only one record in db table with epmty 'host' field */
delete from db where db='somedb' and user='user' and host= '1.2.3.%';
update db set host= '' where db='somedb' and user= 'user';

insert into host values ('1.2.3.%', 'somedb', 'Y', 'Y', 'Y', 'Y',
'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y');
insert into host values ('%', 'somedb', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y',
'Y', 'Y', 'Y', 'Y', 'Y', 'Y');
flush privileges;

So now you can setup connenction using user='user',host='%' and
pass= 'pass_1' to 'somedb' or user='user',host='1.2.3.%' and
pass= 'pass_2' to 'somedb'.
>
> For example now I don't see a way to give some user permission to connect to
> my database from local network without using SSL and from other networks with
> SSL only... something like
>
> GRANT ALL PRIVILEGES ON somedb.* TO 'user'@'%' identified by 'pass_1' REQUIRE
> SSL
> GRANT ALL PRIVILEGES ON somedb.* TO 'user'@'192.168.0.%' identified by
> 'pass_1'

The same for ssl connections.
>
> Also plase look at http://lists.mysql.com/bugs/14331. The issue is still there
> in 4.0.16.

Please refer to manual:
http://www.mysql.com/doc/en/SSL_options.html.
About possibility of only crypted connection without key/cert
authentification. I think we will add this feature in next releases.

Regards,
Gluh


--
MySQL Bugs Mailing List
For list archives: http://lists.mysql.com/bugs
To unsubscribe: http://lists.mysql.com/bugs?unsub=gcdmb-bugs@m.gmane.org