Open Source Server Side Scripting Permissions & Users

Presentation transcript:

ECA 236 Open Source Server Side Scripting: Permissions & Users

2 additional date functions
- DATE_FORMAT( )
  - used to format both the date and time
  - used if values are DATE or DATETIME data types ( YYYY-MM-DD HH:MM:SS )
- TIME_FORMAT( )
  - used to format time
  - used if values are TIME data type ( HH:MM:SS )

    SELECT DATE_FORMAT( date_column, 'format_string' ) FROM table_name;

format specifiers

| Specifier | Description | Example |
|---|---|---|
| %e | day of the month | 1 – 31 |
| %d | day of the month, 2 digits | 01 – 31 |
| %D | day with suffix | 1st – 31st |
| %W | weekday name | Sunday – Saturday |
| %a | abbreviated weekday name | Sun – Sat |
| %c | month number | 1 – 12 |
| %m | month number, 2 digit | 01 – 12 |

format specifiers cont …

| Specifier | Description | Example |
|---|---|---|
| %M | month name | January – December |
| %b | abbreviated month name | Jan – Dec |
| %Y | year | 2003 |
| %y | | 03 |
| %l (lowercase L) | hour | 1 – 12 |
| %h | hour, 2 digit | 01 – 12 |
| %k | hour, 24 hour clock | 0 – 23 |

format specifiers cont …

| Specifier | Description | Example |
|---|---|---|
| %H | hour, 24 hour clock, 2 digit | 00 – 23 |
| %i | minutes | 00 – 59 |
| %S | seconds | |
| %r | time | 3:13:03 PM |
| %T | time, 24 hour clock | 15:13:03 |
| %p | AM or PM | |

format examples
- display the current date and time in the format: Month DD, YYYY – HH:MM

    SELECT DATE_FORMAT( NOW( ), '%M %e, %Y - %l:%i' );

- display the registration date in users in the format: Registered on the DDth of Month.

    SELECT DATE_FORMAT( registration_date, 'Registered on the %D of %M.' ) FROM users;

ALTER
- used to alter the structure of a table after it has been created
  - changing data type
  - changing size
  - change column name
  - etc

    ALTER TABLE table_name alteration [, alteration … ];

ALTER cont …
common ALTER clauses

| Clause | Meaning |
|---|---|
| ADD COLUMN | Add a new column to the end of a table |
| DROP COLUMN | Removes a column from a table, including all its data |
| CHANGE COLUMN | Change the data type and properties of a column |
| ADD INDEX | Adds a new index on a column |
| DROP INDEX | Removes an existing index |
| RENAME AS | Changes the name of a table |

ALTER cont …
- to add an additional column to users

    ALTER TABLE users ADD COLUMN username VARCHAR(20) AFTER user_id;

- AFTER adds new column after designated column
- FIRST adds new column as first column in table
- default is to add column to end

ALTER cont …
- to drop a column

    ALTER TABLE users DROP COLUMN username;

- to change the properties of a column, such as changing size of last_name from 30 to 45

    ALTER TABLE users CHANGE COLUMN last_name last_name VARCHAR(45);

INDEX
- used to improve overall performance, especially when searching a particular column or columns
- indexes are best used on columns that
  - are frequently used in a WHERE clause
  - are frequently used in an ORDER BY clause
  - are frequently used in joins
  - contain unique values
- do not place an INDEX on columns which don't need one

INDEX cont …
- 3 types of indexes
  - INDEX
  - UNIQUE ( each row must have a unique value )
  - PRIMARY KEY ( automatically indexed )
- Syntax

    ALTER TABLE table_name ADD INDEX index_name ( column_name );

INDEX cont …
- to add an INDEX on the last_name, first_name, and password columns, and a UNIQUE index on the username column, of the table users

    ALTER TABLE users
        ADD INDEX ( last_name ),
        ADD INDEX ( first_name ),
        ADD INDEX ( password ),
        ADD UNIQUE ( username );

INDEX cont …
- to drop an index

    ALTER TABLE users DROP INDEX first_name;

- to rename a table

    ALTER TABLE table_name RENAME AS new_table_name;

database users
- root user
  - administrative privileges which should not be shared with any other user
- other users
  - we will create one administrative user for PHP scripts which connect through the web
  - limit these other users to what privileges they have on any particular database

privileges
- privilege
  - a right to perform a particular action on a particular database
  - specific privileges are associated with individual users
  - privileges are granted when a user is created
- principle of least privilege
  - Do not give a user any more privileges than necessary

privileges cont …
MySQL Privileges

| Privilege | Applies To | Allows |
|---|---|---|
| SELECT | tables, columns | Read rows from tables |
| INSERT | | Add new rows to tables |
| UPDATE | | Modify existing data in tables |
| DELETE | tables | Delete existing data in tables |
| INDEX | | Create and drop indexes |
| ALTER | | Modify the structure of tables |
| CREATE | database, tables | Create new databases or tables |

privileges cont …
MySQL Privileges

| Privilege | Applies To | Allows |
|---|---|---|
| DROP | database, tables | Drop existing databases or tables |
| RELOAD | server | Reload the grant tables to enact user changes |
| SHUTDOWN | | Shut down the MySQL Server |
| PROCESS | | View and stop MySQL server processes |
| FILE | | Import data into tables from text files |
| GRANT | | Create new users |
| REVOKE | | Remove the privileges of existing users |

privileges cont …
- by default, the root user has been granted all privileges
- as root user, we can create new users with a limited set of privileges on specific databases
- MySQL server can contain multiple databases
- each user may be limited to a single database, table, or column, as well as limiting type of privileges on each
- privilege system ensures integrity of databases

privileges cont …
- when a user attempts to do something with the server, MySQL checks to make sure the user has:
  - permission to connect to server, based on username and password
  - permission to connect to specified database
  - permission to run specific queries

privileges cont …
- to check permissions, MySQL looks in the following tables of the mysql database:
  - db
  - host
  - user
  - tables_priv
  - columns_priv

GRANT
- users can be granted 4 levels of privileges
  - global ( reserve for root )
  - database
  - table
  - column
- GRANT is used to create users and grant privileges

    GRANT privileges ON database.* TO username IDENTIFIED BY 'password';

GRANT cont …

    GRANT privileges ON database.* TO username IDENTIFIED BY 'password';

- privileges
  - comma separated list of privileges to grant to user
- database.*
  - designate the database and table to which the privileges apply
  - database.* applies to all tables in the database
  - database.table_name applies only to specified table

GRANT cont …

    GRANT privileges ON database.* TO username IDENTIFIED BY 'password';

- username
  - specify user name
  - 16 character limit
  - no spaces
  - case sensitive

GRANT cont …

    GRANT privileges ON database.* TO username IDENTIFIED BY 'password';

- IDENTIFIED BY 'password'
  - designated password with which the user logs on
  - no length limit
  - automatically encrypted to 16 characters
  - case sensitive
  - omitting IDENTIFIED BY clause will create a user who requires no password

GRANT example
- create a new database

    CREATE DATABASE mushrooms;

- create a user who has administrative privileges on mushrooms
  - alter tables, insert data, create tables, etc
  - privileges on every table in mushrooms

    GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX
        ON mushrooms.* TO bob IDENTIFIED BY 'TwPk';

GRANT example cont …
- create a second user with only SELECT privileges

    GRANT SELECT ON mushrooms.* TO leland IDENTIFIED BY 'alterEgo';

- tell MySQL to enact the changes in the privilege tables

    FLUSH PRIVILEGES;

GRANT example cont …
- test new users and their privileges
  - exit as root user
  - sign in as the user bob with the password "TwPk"
  - attempt to use mysql database

    use mysql;

  - attempt to use mushrooms database

    use mushrooms;

GRANT example cont …
- create a table in the mushrooms database
- INSERT one record into morel
- exit mysql monitor, sign in as leland
- SELECT records

    CREATE TABLE morel ( location VARCHAR(50), find_date DATE );
    INSERT INTO morel VALUES ( 'Bolivar', '2003-05-13' );
    CREATE TABLE morel ( location VARCHAR(50), find_date DATE );
    SELECT * FROM morel;
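The bob and leland accounts from the GRANT example, rewritten as an added example (not from the original slides) that pins each account to a host and narrows leland to one column. It assumes MySQL 8.0, where GRANT no longer accepts IDENTIFIED BY and accounts are created with CREATE USER, a root session, and that mushrooms.morel already exists; the passwords are placeholders.

```sql
-- Added example, not from the slides. Assumes MySQL 8.0 and a root session.

-- "TO bob" with no host part means 'bob'@'%', an account that may connect
-- from any host. Name the host each account really connects from.
CREATE USER 'bob'@'localhost'    IDENTIFIED BY '<bob-password-placeholder>';
CREATE USER 'leland'@'localhost' IDENTIFIED BY '<leland-password-placeholder>';

-- Database level: bob administers every table in mushrooms and nothing else.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX
    ON mushrooms.* TO 'bob'@'localhost';

-- Column level: leland may read morel.location only.
GRANT SELECT (location) ON mushrooms.morel TO 'leland'@'localhost';

-- Account statements (CREATE USER, GRANT, REVOKE) take effect immediately;
-- FLUSH PRIVILEGES is only required after editing the grant tables directly.

-- Check what each account actually holds.
SHOW GRANTS FOR 'bob'@'localhost';
SHOW GRANTS FOR 'leland'@'localhost';

-- Signed in as leland:
--   SELECT location  FROM mushrooms.morel;   -- allowed
--   SELECT find_date FROM mushrooms.morel;   -- denied (no privilege on that column)
--   SELECT *         FROM mushrooms.morel;   -- denied (covers find_date too)
--   CREATE TABLE mushrooms.t ( id INT );     -- denied (no CREATE privilege)

-- Least privilege over time: withdraw what is no longer needed.
REVOKE DROP ON mushrooms.* FROM 'bob'@'localhost';
SHOW GRANTS FOR 'bob'@'localhost';

-- Remove an account that is no longer used, together with its grants.
DROP USER 'leland'@'localhost';
```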

sitename
- create a user named Web_User for sitename with the following privileges: SELECT, INSERT, UPDATE, DELETE. Web_User is identified by the password 'my1230'

    GRANT SELECT, INSERT, UPDATE, DELETE
        ON sitename.* TO Web_User IDENTIFIED BY 'my1230';
    FLUSH PRIVILEGES;

General Security Guidelines
- 4.3.1 in the MySQL Manual
  - do not ever give anyone, except the root user, access to the user table in the mysql database
  - learn the MySQL privilege system
  - do not keep plain-text passwords in the database
  - do not choose passwords from the dictionary
  - do not trust any data entered by a user
  - do not transmit plain, unencrypted data over the Internet
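Audit queries for the first two guidelines, as an added example that is not part of the original slides: they list accounts that contradict the rules above so they can be tightened. It assumes MySQL 5.7 or 8.0 (the authentication_string and plugin columns of mysql.user, and the information_schema privilege views) and an administrative session.

```sql
-- Added example, not from the slides. Assumes MySQL 5.7 / 8.0, run as an administrator.

-- 1. Password-authenticated accounts with no password set
--    (what omitting IDENTIFIED BY produces).
SELECT user, host, plugin
  FROM mysql.user
 WHERE (authentication_string IS NULL OR authentication_string = '')
   AND plugin IN ('mysql_native_password', 'caching_sha2_password', 'sha256_password');

-- 2. Accounts allowed to connect from any host.
SELECT user, host
  FROM mysql.user
 WHERE host = '%';

-- 3. Global privileges. A global SELECT also covers mysql.user, so only
--    administrative accounts should appear here.
SELECT grantee, privilege_type, is_grantable
  FROM information_schema.user_privileges
 WHERE privilege_type <> 'USAGE'
 ORDER BY grantee, privilege_type;

-- 4. Database-, table- and column-level grants that reach the mysql system
--    database, where the user table lives.
SELECT grantee, 'database' AS grant_level, table_schema,
       NULL AS table_name, privilege_type
  FROM information_schema.schema_privileges
 WHERE table_schema = 'mysql'
UNION ALL
SELECT grantee, 'table', table_schema, table_name, privilege_type
  FROM information_schema.table_privileges
 WHERE table_schema = 'mysql'
UNION ALL
SELECT grantee, 'column', table_schema, table_name, privilege_type
  FROM information_schema.column_privileges
 WHERE table_schema = 'mysql';
```

Any row from queries 1, 2 or 4 that belongs to an application account such as Web_User is a candidate for REVOKE or for recreating the account with a password and a specific host.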

PHP & MySQL
- to test whether PHP is making a connection to MySQL, run the following from a server

    <?php
    // mysql_connect() belongs to the original mysql extension, which was removed in PHP 7.0
    echo $dbc = mysql_connect( 'localhost', 'Web_User', 'my1230' );
    ?>

- if you connect you will see

    Resource id #1