首页 > 数据库 > mysql教程 > 防止人为误操作MySQL数据库技巧一例_MySQL

防止人为误操作MySQL数据库技巧一例_MySQL

WBOY
发布: 2016-05-27 14:12:35
原创
1066 人浏览过

防止人为误操作MySQL数据库技巧一例

(本题来自老男孩培训内部学生问题,属于数据库安全技巧)

在若干年前,老男孩亲自遇到一个“命案”,老大登录数据库update一个记录,结果忘了加where,于是悲剧发生了,这使得我对MySQL的增量恢复熟练度远超过其他的知识点,同时也很在意对内的数据库安全,并且每次讲课讲到此处,都会给学生讲这个领导的故事。

1、mysql帮助说明

<ol class="dp-sql">
<li class="alt"><span><span>[oldboy_c64 ~]# mysql </span><span class="comment">--help|grep dummy      </span><span> </span></span></li>
<li><span> -U, <span class="comment">--i-am-a-dummy Synonym for option --safe-updates, -U.</span><span> </span></span></li>
<li class="alt"><span>i-am-a-dummy      <span class="keyword">FALSE</span><span> </span></span></li>
</ol>
登录后复制

在mysql命令加上选项-U后,当发出没有WHERE或LIMIT关键字的UPDATE或DELETE时,mysql程序就会拒绝执行

2、指定-U登录测试

<ol class="dp-sql">
<li class="alt"><span><span>[oldboy_c64 ~]# mysql -uroot -poldboy123 -S /data/3306/mysql.sock -U </span></span></li>
<li><span>Welcome <span class="keyword">to</span><span> the MySQL monitor. Commands </span><span class="keyword">end</span><span> </span><span class="keyword">with</span><span> ; </span><span class="op">or</span><span> \g. </span></span></li>
<li class="alt"><span>Your MySQL <span class="keyword">connection</span><span> id </span><span class="keyword">is</span><span> 14 </span></span></li>
<li><span>Server version: 5.5.32-log MySQL Community Server (GPL) </span></li>
<li class="alt"><span>Copyright (c) 2000, 2013, Oracle <span class="op">and</span><span>/</span><span class="op">or</span><span> its affiliates. </span><span class="op">All</span><span> rights reserved. </span></span></li>
<li><span>Oracle <span class="keyword">is</span><span> a registered trademark </span><span class="keyword">of</span><span> Oracle Corporation </span><span class="op">and</span><span>/</span><span class="op">or</span><span> its </span></span></li>
<li class="alt"><span>affiliates. Other names may be trademarks <span class="keyword">of</span><span> their respective </span></span></li>
<li><span>owners. </span></li>
<li class="alt"><span>Type <span class="string">'help;'</span><span> </span><span class="op">or</span><span> </span><span class="string">'\h'</span><span> </span><span class="keyword">for</span><span> help. Type </span><span class="string">'\c'</span><span> </span><span class="keyword">to</span><span> clear the </span><span class="keyword">current</span><span> input statement. </span></span></li>
<li><span>mysql> <span class="keyword">delete</span><span> </span><span class="keyword">from</span><span> oldboy.student; </span></span></li>
<li class="alt"><span>ERROR 1175 (HY000): You are using safe <span class="keyword">update</span><span> mode </span><span class="op">and</span><span> you tried </span><span class="keyword">to</span><span> </span><span class="keyword">update</span><span> a </span><span class="keyword">table</span><span> without a </span><span class="keyword">WHERE</span><span> that uses a </span><span class="keyword">KEY</span><span> </span><span class="keyword">column</span><span> </span></span></li>
<li><span>mysql> quit </span></li>
<li class="alt"><span>Bye </span></li>
</ol>
登录后复制

提示:不加条件无法删除,目的达到。

3、做成别名防止老大和DBA误操作

<ol class="dp-sql">
<li class="alt"><span><span>[oldboy_c64 ~]# alias mysql=</span><span class="string">'mysql -U'</span><span> </span></span></li>
<li><span>[oldboy_c64 ~]# mysql -uroot -poldboy123 -S /data/3306/mysql.sock </span></li>
<li class="alt"><span>Welcome <span class="keyword">to</span><span> the MySQL monitor. Commands </span><span class="keyword">end</span><span> </span><span class="keyword">with</span><span> ; </span><span class="op">or</span><span> \g. </span></span></li>
<li><span>Your MySQL <span class="keyword">connection</span><span> id </span><span class="keyword">is</span><span> 15 </span></span></li>
<li class="alt"><span>Server version: 5.5.32-log MySQL Community Server (GPL) </span></li>
<li><span>Type <span class="string">'help;'</span><span> </span><span class="op">or</span><span> </span><span class="string">'\h'</span><span> </span><span class="keyword">for</span><span> help. Type </span><span class="string">'\c'</span><span> </span><span class="keyword">to</span><span> clear the </span><span class="keyword">current</span><span> input statement. </span></span></li>
<li class="alt"><span>mysql> <span class="keyword">delete</span><span> </span><span class="keyword">from</span><span> oldboy.student; </span></span></li>
<li><span>ERROR 1175 (HY000): You are using safe <span class="keyword">update</span><span> mode </span><span class="op">and</span><span> you tried </span><span class="keyword">to</span><span> </span><span class="keyword">update</span><span> a </span><span class="keyword">table</span><span> without a </span><span class="keyword">WHERE</span><span> that uses a </span><span class="keyword">KEY</span><span> </span><span class="keyword">column</span><span> </span></span></li>
<li class="alt"><span>mysql> <span class="keyword">delete</span><span> </span><span class="keyword">from</span><span> oldboy.student </span><span class="keyword">where</span><span> Sno=5; </span></span></li>
<li><span>Query OK, 1 row affected (0.02 sec) </span></li>
<li class="alt"><span>mysql> quit </span></li>
<li><span>Bye </span></li>
<li class="alt"><span>[oldboy_c64 ~]# echo <span class="string">"alias mysql='mysql -U'"</span><span> >>/etc/profile </span></span></li>
<li><span>[oldboy_c64 ~]# . /etc/profile </span></li>
<li class="alt"><span>[oldboy_c64 ~]# tail -1 /etc/profile </span></li>
<li><span>alias mysql=<span class="string">'mysql -U'</span><span> </span></span></li>
</ol>
登录后复制

结论:

在mysql命令加上选项-U后,当发出没有WHERE或LIMIT关键字的UPDATE或DELETE时,mysql程序拒绝执行

相关标签:
来源:php.cn
本站声明
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系admin@php.cn
热门教程
更多>
最新下载
更多>
网站特效
网站源码
网站素材
前端模板