2018 January 21 白名单, mysql

mysql数据库远程访问白名单设置

mysql数据库远程访问白名单设置

对于一般的数据库管理系统,一般需要开启远程访问。一般会开启“%”所有IP均可进行远程访问,但此种方法会存在任意IP均可登录的风险,推荐关闭该功能,而仅针对需要访问的白名单IP进行设置;本文介绍了两种设置的实现方法。

1. 设置所有IP均可访问

a.查看当前设置

# mysql -u root -pxxxxxx;

mysql>use mysql;

mysql>select host, user from user;

b.设置允许所有远程用户以指定密码登录root用户

mysql>GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'xxxxxx' WITH GRANT OPTION;

c.查询设置是否成功,出现如下行表示设置成功

mysql> select host, user from user;
+-----------------------+------+
| host | user |
+-----------------------+------+
| % | root |
| 127.0.0.1 | root |

d.刷新退出即可

mysql>flush privileges ;

mysql> exit;

2.设置允许指定IP进行远端访问

a.查看当前设置

# mysql -u root -pxxxxxx;

mysql>use mysql;

mysql>select host, user from user;

b.若设置过允许所有远端IP访问,需要删除

mysql>DELETE FROM user WHERE User="root" and Host="%";

c.增加指定IP可访问,可多行,可以使用通配符

#允许IP为194.255.0.18的用户以root密码为xxxxxx登录
GRANT ALL PRIVILEGES ON *.* TO root@'194.255.0.18' IDENTIFIED BY 'xxxxxx' WITH GRANT OPTION;

#允许IP为194.255.0.%(%代表所有)的用户以root密码为xxxxxx登录
GRANT ALL PRIVILEGES ON *.* TO root@'194.255.0.%' IDENTIFIED BY 'xxxxxx' WITH GRANT OPTION;

#允许IP为194.255.%.%(%代表所有)的用户以root密码为xxxxxx登录
GRANT ALL PRIVILEGES ON *.* TO root@'194.255.%.%' IDENTIFIED BY 'xxxxxx' WITH GRANT OPTION;

d.查看设置是否成功

mysql>select host, user from user;

e.刷新退出即可

mysql>flush privileges ;

mysql> exit;

如有疑问,欢迎交流

All content is licensed under CC BY-NC-SA

Buit with Jekyll and 3-Jekyll theme • Hosted on Github

Table of Contents