user host recommend - RENAME USER
Altering mysql.user tables isn't something users should do. RENAME USER has existed for a long time, use this instead. Also change SpecificDNSorIp because DNS based grants are a horrible idea, fragile, and could be disabled with --skip-name-resolve. closes #536
This commit is contained in:
Daniel Black
parent
2a63ffdcd3
commit
0be85cbb9f
1 changed files with 3 additions and 3 deletions
|
|
@ -1892,16 +1892,16 @@ q{SELECT CONCAT(user, '@', host) FROM mysql.global_priv WHERE
|
||||||
}
|
}
|
||||||
|
|
||||||
@mysqlstatlist = select_array
|
@mysqlstatlist = select_array
|
||||||
"SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE HOST='%'";
|
"SELECT CONCAT(QUOTE(user), '\@', host) FROM mysql.user WHERE HOST='%'";
|
||||||
if (@mysqlstatlist) {
|
if (@mysqlstatlist) {
|
||||||
foreach my $line ( sort @mysqlstatlist ) {
|
foreach my $line ( sort @mysqlstatlist ) {
|
||||||
chomp($line);
|
chomp($line);
|
||||||
my $luser = (split /@/, $line)[0];
|
my $luser = (split /@/, $line)[0];
|
||||||
badprint "User '" . $line. "' does not specify hostname restrictions.";
|
badprint "User '" . $line. "' does not specify hostname restrictions.";
|
||||||
push( @generalrec,
|
push( @generalrec,
|
||||||
"Restrict Host for '$luser'\@% to $luser\@SpecificDNSorIp" );
|
"Restrict Host for $luser\@% to $luser\@LimitedIPRangeOrLocalhost" );
|
||||||
push( @generalrec,
|
push( @generalrec,
|
||||||
"UPDATE mysql.user SET host ='SpecificDNSorIp' WHERE user='" . $luser. "' AND host ='%'; FLUSH PRIVILEGES;" );
|
"RENAME USER $luser\@'%' TO " . $luser. "\@LimitedIPRangeOrLocalhost;" );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue