<< previous page   --   table of contents   --   next page >>
| | | | | | | |
  • Return to Table of Contents
    • Table of Contents
    1. General Information
    2. MySQL Installation
    3. Tutorial Introduction
    4. Database Administration
    5. MySQL Optimisation
    6. MySQL Language Reference
    7. MySQL Table Types
    8. MySQL APIs
    9. Extending MySQL
    226 MySQL Technical Reference for Version 4.0.3 3.  If  you  are  using  an  old  MySQL  installation,  you  have  to  update  your  mysql.user table with some new columns.  You can do this by running the mysql_fix_privilege_ tables.sh script. 4.  You  can  check  if  a  running  mysqld  server  supports  OpenSSL  by  examining  if  SHOW VARIABLES LIKE 'have_openssl' returns YES. 4.3.9.3  GRANT Options MySQL can check X509 certi cate attributes in addition to the normal username/password scheme.   All  the  usual  options  are  still  required  (username,  password,  IP  address  mask, database/table name). There are di erent possibilities to limit connections:    Without  any  SSL/X509  options,  all  kind  of  encrypted/unencrypted  connections  are allowed if username and password are valid.    REQUIRE SSL  option limits the server to allow only SSL encrypted connections.  Note that  this  option  can  be  omitted  if  there  are  any  ACL  records  which  allow  non-SSL connections. mysql> GRANT ALL PRIVILEGES ON test.* TO root@localhost -> IDENTIFIED BY "goodsecret" REQUIRE SSL;    REQUIRE X509 means that client should have valid certi cate but we do not care about the exact certi cate, issuer or subject.  The only restriction is that it should be possible to verify its signature with one of the CA certi cates. mysql> GRANT ALL PRIVILEGES ON test.* TO root@localhost -> IDENTIFIED BY "goodsecret" REQUIRE X509;    REQUIRE ISSUER issuer  makes connection more restrictive:  now client must present a valid X509 certi cate issued by CA "issuer".  Using X509 certi cates always implies encryption, so the option "SSL" is not neccessary anymore. mysql> GRANT ALL PRIVILEGES ON test.* TO root@localhost -> IDENTIFIED BY "goodsecret" -> REQUIRE ISSUER "C=FI, ST=Some-State, L=Helsinki, "> O=MySQL Finland AB, CN=Tonu Samuel/Email=tonu@mysql.com";    REQUIRE SUBJECT subject  requires clients to have valid X509 certi cate with subject "subject" on it.  If client have valid certi cate but having di erent "subject" then the connection is still not allowed. mysql> GRANT ALL PRIVILEGES ON test.* TO root@localhost -> IDENTIFIED BY "goodsecret" -> REQUIRE SUBJECT "C=EE, ST=Some-State, L=Tallinn, "> O=MySQL demo client certificate, "> CN=Tonu Samuel/Email=tonu@mysql.com";    REQUIRE CIPHER cipher is needed to assure enough strong ciphers and keylengths will be used.  SSL itself can be weak if old algorithms with short encryption keys are used. Using this option, we can ask for some exact cipher method to allow a connection. mysql> GRANT ALL PRIVILEGES ON test.* TO root@localhost -> IDENTIFIED BY "goodsecret"
     

    Customer Support CentreMySQL Reference Manual

    Web Hosting Services
    UNIX WEB HOSTING
    SUPPORT & FAQ's
    TERMS OF USE
    Domain Services
    DOMAIN REGISTRATION
    MANAGE YOUR ACCOUNT
    SUPPORT & FAQ's
    TERMS OF USE
    SITE MAP
    Home
    Hosting Plans | Domain Registration | About Us | Contact Us | Site Map
    Terms of Use | Privacy Policy | Guarantees
    Merchant Accounts

    SpiritHost - web hosting for spiritual and education sites
    SpiritHit.com - Religious and Spiritual Portal

    Copyright © 2002 Dyntex Group, Inc. All Rights Reserved

  • Return to Table of Contents
    		•
  • Back to top
    • Web Hosting: Manuals & FAQ's
    1. Unix-Based Web Hosting
    2. Unix Dedicated Servers
    3. Windows Dedicated Servers
    4. CuteFTP User’s Guide
    5. CuteHTML User’s Guide
    6. WS_FTP Pro User's Guide
    7. Miva Order User's Guide
    8. Miva Merchant User's Guide