Security issues in MySQL database administration (Part 1)

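I have seen posts online where interview candidates were asked how they understand MySQL database security. Many security problems are caused by poor account management.
1 Delete the anonymous account
After MySQL is installed, an anonymous account exists by default, and simply running the mysql command is enough to log in, as shown below:
Run mysql directly to log in to the database, then enter the test database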
[xkyx80@localhost ~]$ mysql
welcome to the mysql monitor.  commands end with ; or \g.
your mysql connection id is 488
server version: 5.5.20-log source distribution
copyright (c) 2000, 2011, oracle and/or its affiliates. all rights reserved.
oracle is a registered trademark of oracle corporation and/or its
affiliates. other names may be trademarks of their respective
owners.
type 'help;' or '\h' for help. type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| database           |
+--------------------+
| information_schema |
| test               |
+--------------------+
2 rows in set (0.00 sec)
mysql> ues test;
error 1064 (42000): you have an error in your sql syntax; check the manual that corresponds to your mysql server version for the right syntax to use near 'ues test' at line 1
mysql> use test;
database changed
mysql> show tables;
+-------------------+
| tables_in_test    |
+-------------------+
| gonghui2          |
| item              |
| site              |
| tbl_ad_monitor_ip |
| test              |
| test2             |
| test_             |
| test_level        |
| tx                |
+-------------------+
9 rows in set (0.00 sec)
So what privileges does it have? Now look at the user table in the mysql database:
mysql> select user();
+----------------+
| user()         |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec)
mysql> select * from mysql.user \g;
                  host: localhost.localdomain
                  user:
              password:
           select_priv: n
           insert_priv: n
           update_priv: n
           delete_priv: n
           create_priv: n
             drop_priv: n
           reload_priv: n
         shutdown_priv: n
          process_priv: n
             file_priv: n
            grant_priv: n
       references_priv: n
            index_priv: n
            alter_priv: n
          show_db_priv: n
            super_priv: n
 create_tmp_table_priv: n
      lock_tables_priv: n
          execute_priv: n
       repl_slave_priv: n
      repl_client_priv: n
      create_view_priv: n
        show_view_priv: n
   create_routine_priv: n
    alter_routine_priv: n
      create_user_priv: n
            event_priv: n
          trigger_priv: n
create_tablespace_priv: n
              ssl_type:
            ssl_cipher:
           x509_issuer:
          x509_subject:
         max_questions: 0
           max_updates: 0
       max_connections: 0
  max_user_connections: 0
                plugin:
 authentication_string: null
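This means any ordinary user can log in to mysql and perform operations such as creating large tables. It is recommended to delete this account or set a password on it.
2 Set a password for the root account
Once MySQL is installed, set a password for the root account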
 [xkyx80@localhost ~]$ mysql -uroot
welcome to the mysql monitor.  commands end with ; or \g.
your mysql connection id is 490
server version: 5.5.20-log source distribution
copyright (c) 2000, 2011, oracle and/or its affiliates. all rights reserved.
oracle is a registered trademark of oracle corporation and/or its
affiliates. other names may be trademarks of their respective
owners.
type 'help;' or '\h' for help. type '\c' to clear the current input statement.
mysql> set password=password('密码');
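3 Use secure passwords
1 Make the password as complex as possible, including letters, digits, special characters, and so on.
2 Keep it safe in use so it cannot be stolen: when logging in to mysql, use the interactive login method; typing the password by hand is safer.
4 Grant accounts only the privileges they need. If an account only needs to insert, delete, update and query, grant it only the select, update, insert and delete privileges. Make privilege grants specific; granting all privileges to a user is dangerous.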
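The four steps above as one audit-and-fix session, added here as an example and not taken from the original notes or the book. It assumes the MySQL 5.5 server shown in the sessions above; the account `app_rw`, the schema `appdb` and both password strings are hypothetical placeholders.

```sql
-- Assumes the MySQL 5.5 server from the page's session (mysql.user has a
-- `password` column). Connect with `mysql -u root -p` so the password is
-- prompted for interactively instead of appearing on the command line.

-- 1. Audit: anonymous accounts (empty user) and accounts with an empty password.
SELECT user, host, (user = '') AS is_anonymous, (password = '') AS no_password
FROM mysql.user
WHERE user = '' OR password = '';

-- The anonymous row's global privileges are all N, yet it can use `test`:
-- database-level grants live in mysql.db, and a default 5.5 install ships rows
-- with an empty user for `test` and `test\_%` that apply to every account.
SELECT host, db, user FROM mysql.db WHERE user = '';

-- 2. Remove what the audit found. Run DROP USER once per anonymous row, using
--    the host value from that row (this one is the row in the page's output).
DROP USER ''@'localhost.localdomain';
DELETE FROM mysql.db WHERE user = '';
FLUSH PRIVILEGES;  -- needed because mysql.db was edited directly

-- 3. Set a password on every root row the audit listed with no_password = 1.
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('<placeholder-strong-password>');

-- 4. Least privilege: a hypothetical application account limited to
--    SELECT/INSERT/UPDATE/DELETE on one hypothetical schema.
CREATE USER 'app_rw'@'localhost' IDENTIFIED BY '<placeholder-app-password>';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'app_rw'@'localhost';
SHOW GRANTS FOR 'app_rw'@'localhost';

-- 5. Re-check. The first query should return no rows; review every row the
--    second returns, since SUPER and GRANT OPTION belong on very few accounts.
SELECT user, host FROM mysql.user WHERE user = '' OR password = '';
SELECT user, host FROM mysql.user
WHERE user <> 'root' AND (super_priv = 'Y' OR grant_priv = 'Y');
```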
From: reading notes on 深入浅出mysql