下面的文章主要介紹了用戶密碼的設置方式以及密碼的修改方式以及mysql自帶的測試庫test庫安全建議

A root account password can be set several ways. The following discussion demonstrates three methods:

Use the SET PASSWORD statement ?#使用set password方式

Use the UPDATE statement ?#使用update方式

Use the?mysqladmin?command-line client program ? #使用mysqladmin方式

To assign passwords using SET PASSWORD, connect to the server as root and issue a SET PASSWORD statement for each root account listed in the mysql.user table.

For Windows, do this:（windows設置方式）

shell>mysql -u root

mysql>SET PASSWORD FOR 'root'@'localhost' = PASSWORD('newpwd');

mysql>SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('newpwd');

mysql>SET PASSWORD FOR 'root'@'::1' = PASSWORD('newpwd');

mysql>SET PASSWORD FOR 'root'@'%' = PASSWORD('newpwd');

The last statement is unnecessary if themysql.usertable has norootaccount with a host value of%.

For Unix, do this:

shell>mysql -u root ?#使用root帳號登錄，登陸后修改相應的密碼

mysql>SET PASSWORD FOR 'root'@'localhost' = PASSWORD('newpwd');

mysql>SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('newpwd');

mysql>SET PASSWORD FOR 'root'@'::1' = PASSWORD('newpwd');

mysql>SET PASSWORD FOR 'root'@'host_name' = PASSWORD('newpwd');

You can also use a single statement that assigns a password to all root accounts by using UPDATE to modify the mysql.user table directly. This method works on any platform:

由于mysql的用戶是由用戶名和授權登錄的地址段組成，可以使用下面的命令一次性更新所有的root密碼

shell>mysql -u root ?

mysql>UPDATE mysql.user SET Password = PASSWORD('newpwd')?WHERE User = 'root';

#更新mysql user表中的root的密碼

mysql>FLUSH PRIVILEGES; ?(注意update方式更新的密碼，必須刷新權限，如果不刷新更新的密碼不生效)

The FLUSH statement causes the server to reread the grant tables. Without it, the password change remains unnoticed by the server until you restart it.

To assign passwords to the root accounts using?mysqladmin, execute the following commands:

#mysqladmin方式更新用戶密碼（windows和linux都有效）

shell>mysqladmin -u root password "newpwd"

shell>mysqladmin -u root -hhost_name?password "newpwd"

Those commands apply both to Windows and to Unix. The double quotation marks around the password are not always necessary, but you should use them if the password contains spaces or other characters that are special to your command interpreter.

?注意 mysqladmin命令不能用于下面兩個用戶的更新

1）'root'@'127.0.0.1'?

2） 'root'@'::1'

The?mysqladmin?method of setting the root account passwords does not work for the'root'@'127.0.0.1' or 'root'@'::1'account. Use the SET PASSWORD method shown earlier.

After the root passwords have been set, you must supply the appropriate password whenever you connect as root to the server. For example, to shut down the server with?mysqladmin, use this command:

shell>mysqladmin -u root -p shutdown?Enter password:(enter root password here)

The?mysql?commands in the following instructions include a-poption based on the assumption that you have assigned the root account passwords using the preceding instructions and must specify that password when connecting to the server.

匿名用戶設置密碼方式

Assigning Anonymous Account Passwords

To assign passwords to the anonymous accounts, connect to the server as root, then use either SET PASSWORD or UPDATE.

方式一：

To use SET PASSWORD on Windows, do this:

shell>mysql -u root -p?

Enter password:(enter root password here)

mysql>SET PASSWORD FOR ''@'localhost' = PASSWORD('newpwd');

To use SET PASSWORD on Unix, do this:

shell>mysql -u root -p

Enter password:(enter root password here)

mysql>SET PASSWORD FOR ''@'localhost' = PASSWORD('newpwd');

mysql>SET PASSWORD FOR ''@'host_name' = PASSWORD('newpwd');

方式二：

To set the anonymous-user account passwords with a single UPDATE statement, do this (on any platform):

shell>mysql -u root -p

Enter password:(enter root password here)

mysql>UPDATE mysql.user SET Password = PASSWORD('newpwd')->WHERE User = '';

mysql>FLUSH PRIVILEGES;

The FLUSH statement causes the server to reread the grant tables. Without it, the password change remains unnoticed by the server until you restart it.

Removing Anonymous Accounts

移除匿名帳號的方法

If you prefer to remove any anonymous accounts rather than assigning them passwords, do so as follows on Windows:

shell>mysql -u root -p?

Enter password:(enter root password here)

mysql>DROP USER ''@'localhost';

On Unix, remove the anonymous accounts like this:

shell>mysql -u root -p

Enter password:(enter root password here)

mysql>DROP USER ''@'localhost';

mysql>DROP USER ''@'host_name';

test數據庫的安全風險

Securing Test Databases

By default, the mysql.db table contains rows that permit access by any user to the test database and other databases with names that start with test_. (These rows have an empty User column value, which for access-checking purposes matches any user name.) This means that such databases can be used even by accounts that otherwise possess no privileges. If you want to remove any-user access to test databases, do so as follows:

test數據庫任何賬戶都可以訪問，這樣就存在著風險，用戶惡意寫入數據使數據庫寫滿

shell>mysql -u root -p

Enter password:(enter root password here)

mysql>DELETE FROM mysql.db WHERE Db LIKE 'test%';

mysql>FLUSH PRIVILEGES;

The FLUSH statement causes the server to reread the grant tables. Without it, the privilege change remains unnoticed by the server until you restart it.

With the preceding change, only users who have global database privileges or privileges granted explicitly for thetestdatabase can use it. However, if you prefer that the database not exist at all, drop it:

mysql>DROP DATABASE test;