Home > Database > Mysql Tutorial > 防止人为误操作MySQL数据库技巧一例_MySQL

防止人为误操作MySQL数据库技巧一例_MySQL

WBOY
Release: 2016-05-27 14:12:35
Original
1066 people have browsed it

防止人为误操作MySQL数据库技巧一例

(本题来自老男孩培训内部学生问题,属于数据库安全技巧)

在若干年前,老男孩亲自遇到一个“命案”,老大登录数据库update一个记录,结果忘了加where,于是悲剧发生了,这使得我对MySQL的增量恢复熟练度远超过其他的知识点,同时也很在意对内的数据库安全,并且每次讲课讲到此处,都会给学生讲这个领导的故事。

1、mysql帮助说明

<ol class="dp-sql">
<li class="alt"><span><span>[oldboy_c64 ~]# mysql </span><span class="comment">--help|grep dummy      </span><span> </span></span></li>
<li><span> -U, <span class="comment">--i-am-a-dummy Synonym for option --safe-updates, -U.</span><span> </span></span></li>
<li class="alt"><span>i-am-a-dummy      <span class="keyword">FALSE</span><span> </span></span></li>
</ol>
Copy after login

在mysql命令加上选项-U后,当发出没有WHERE或LIMIT关键字的UPDATE或DELETE时,mysql程序就会拒绝执行

2、指定-U登录测试

<ol class="dp-sql">
<li class="alt"><span><span>[oldboy_c64 ~]# mysql -uroot -poldboy123 -S /data/3306/mysql.sock -U </span></span></li>
<li><span>Welcome <span class="keyword">to</span><span> the MySQL monitor. Commands </span><span class="keyword">end</span><span> </span><span class="keyword">with</span><span> ; </span><span class="op">or</span><span> \g. </span></span></li>
<li class="alt"><span>Your MySQL <span class="keyword">connection</span><span> id </span><span class="keyword">is</span><span> 14 </span></span></li>
<li><span>Server version: 5.5.32-log MySQL Community Server (GPL) </span></li>
<li class="alt"><span>Copyright (c) 2000, 2013, Oracle <span class="op">and</span><span>/</span><span class="op">or</span><span> its affiliates. </span><span class="op">All</span><span> rights reserved. </span></span></li>
<li><span>Oracle <span class="keyword">is</span><span> a registered trademark </span><span class="keyword">of</span><span> Oracle Corporation </span><span class="op">and</span><span>/</span><span class="op">or</span><span> its </span></span></li>
<li class="alt"><span>affiliates. Other names may be trademarks <span class="keyword">of</span><span> their respective </span></span></li>
<li><span>owners. </span></li>
<li class="alt"><span>Type <span class="string">'help;'</span><span> </span><span class="op">or</span><span> </span><span class="string">'\h'</span><span> </span><span class="keyword">for</span><span> help. Type </span><span class="string">'\c'</span><span> </span><span class="keyword">to</span><span> clear the </span><span class="keyword">current</span><span> input statement. </span></span></li>
<li><span>mysql> <span class="keyword">delete</span><span> </span><span class="keyword">from</span><span> oldboy.student; </span></span></li>
<li class="alt"><span>ERROR 1175 (HY000): You are using safe <span class="keyword">update</span><span> mode </span><span class="op">and</span><span> you tried </span><span class="keyword">to</span><span> </span><span class="keyword">update</span><span> a </span><span class="keyword">table</span><span> without a </span><span class="keyword">WHERE</span><span> that uses a </span><span class="keyword">KEY</span><span> </span><span class="keyword">column</span><span> </span></span></li>
<li><span>mysql> quit </span></li>
<li class="alt"><span>Bye </span></li>
</ol>
Copy after login

提示:不加条件无法删除,目的达到。

3、做成别名防止老大和DBA误操作

<ol class="dp-sql">
<li class="alt"><span><span>[oldboy_c64 ~]# alias mysql=</span><span class="string">'mysql -U'</span><span> </span></span></li>
<li><span>[oldboy_c64 ~]# mysql -uroot -poldboy123 -S /data/3306/mysql.sock </span></li>
<li class="alt"><span>Welcome <span class="keyword">to</span><span> the MySQL monitor. Commands </span><span class="keyword">end</span><span> </span><span class="keyword">with</span><span> ; </span><span class="op">or</span><span> \g. </span></span></li>
<li><span>Your MySQL <span class="keyword">connection</span><span> id </span><span class="keyword">is</span><span> 15 </span></span></li>
<li class="alt"><span>Server version: 5.5.32-log MySQL Community Server (GPL) </span></li>
<li><span>Type <span class="string">'help;'</span><span> </span><span class="op">or</span><span> </span><span class="string">'\h'</span><span> </span><span class="keyword">for</span><span> help. Type </span><span class="string">'\c'</span><span> </span><span class="keyword">to</span><span> clear the </span><span class="keyword">current</span><span> input statement. </span></span></li>
<li class="alt"><span>mysql> <span class="keyword">delete</span><span> </span><span class="keyword">from</span><span> oldboy.student; </span></span></li>
<li><span>ERROR 1175 (HY000): You are using safe <span class="keyword">update</span><span> mode </span><span class="op">and</span><span> you tried </span><span class="keyword">to</span><span> </span><span class="keyword">update</span><span> a </span><span class="keyword">table</span><span> without a </span><span class="keyword">WHERE</span><span> that uses a </span><span class="keyword">KEY</span><span> </span><span class="keyword">column</span><span> </span></span></li>
<li class="alt"><span>mysql> <span class="keyword">delete</span><span> </span><span class="keyword">from</span><span> oldboy.student </span><span class="keyword">where</span><span> Sno=5; </span></span></li>
<li><span>Query OK, 1 row affected (0.02 sec) </span></li>
<li class="alt"><span>mysql> quit </span></li>
<li><span>Bye </span></li>
<li class="alt"><span>[oldboy_c64 ~]# echo <span class="string">"alias mysql='mysql -U'"</span><span> >>/etc/profile </span></span></li>
<li><span>[oldboy_c64 ~]# . /etc/profile </span></li>
<li class="alt"><span>[oldboy_c64 ~]# tail -1 /etc/profile </span></li>
<li><span>alias mysql=<span class="string">'mysql -U'</span><span> </span></span></li>
</ol>
Copy after login

结论:

在mysql命令加上选项-U后,当发出没有WHERE或LIMIT关键字的UPDATE或DELETE时,mysql程序拒绝执行

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template