Rechercher dans le manuel MySQL
6.3.1 User Names and Passwords
MySQL stores accounts in the user
table of the
mysql
system database. An account is defined in
terms of a user name and the client host or hosts from which the
user can connect to the server. For information about account
representation in the user
table, see
Section 6.2.3, “Grant Tables”.
The account may also have a password. MySQL supports authentication plugins, so it is possible that an account authenticates using some external authentication method. See Section 6.3.10, “Pluggable Authentication”.
There are several distinctions between the way user names and passwords are used by MySQL and your operating system:
User names, as used by MySQL for authentication purposes, have nothing to do with user names (login names) as used by Windows or Unix. On Unix, most MySQL clients by default try to log in using the current Unix user name as the MySQL user name, but that is for convenience only. The default can be overridden easily, because client programs permit any user name to be specified with a
-u
or--user
option. This means that anyone can attempt to connect to the server using any user name, so you cannot make a database secure in any way unless all MySQL accounts have passwords. Anyone who specifies a user name for an account that has no password is able to connect successfully to the server.MySQL user names can be up to 32 characters long. Operating system user names may be of a different maximum length. For example, Unix user names typically are limited to eight characters.
WarningThe limit on MySQL user name length is hardcoded in MySQL servers and clients, and trying to circumvent it by modifying the definitions of the tables in the
mysql
database does not work.You should never alter the structure of tables in the
mysql
database in any manner whatsoever except by means of the procedure that is described in Section 4.4.5, “mysql_upgrade — Check and Upgrade MySQL Tables”. Attempting to redefine MySQL's system tables in any other fashion results in undefined (and unsupported!) behavior. The server is free to ignore rows that become malformed as a result of such modifications.To authenticate client connections for accounts that use MySQL native authentication (implemented by the
mysql_native_password
authentication plugin), the server uses passwords stored in theuser
table. These passwords are distinct from passwords for logging in to your operating system. There is no necessary connection between the “external” password you use to log in to a Windows or Unix machine and the password you use to access the MySQL server on that machine.If the server authenticates a client using some other plugin, the authentication method that the plugin implements may or may not use a password stored in the
user
table. In this case, it is possible that an external password is also used to authenticate to the MySQL server.Passwords stored in the
user
table are encrypted using plugin-specific algorithms.If the user name and password contain only ASCII characters, it is possible to connect to the server regardless of character set settings. To connect when the user name or password contain non-ASCII characters, the client should call the
mysql_options()
C API function with theMYSQL_SET_CHARSET_NAME
option and appropriate character set name as arguments. This causes authentication to take place using the specified character set. Otherwise, authentication will fail unless the server default character set is the same as the encoding in the authentication defaults.Standard MySQL client programs support a
--default-character-set
option that causesmysql_options()
to be called as just described. In addition, character set autodetection is supported as described in Section 10.4, “Connection Character Sets and Collations”. For programs that use a connector that is not based on the C API, the connector may provide an equivalent tomysql_options()
that can be used instead. Check the connector documentation.The preceding notes do not apply for
ucs2
,utf16
, andutf32
, which are not permitted as client character sets.
The MySQL installation process populates the grant tables with an
initial root
account, as described in
Section 2.10.4, “Securing the Initial MySQL Account”, which also discusses how to
assign passwords to it. Thereafter, you normally set up, modify,
and remove MySQL accounts using statements such as
CREATE USER
,
DROP USER
,
GRANT
, and
REVOKE
. See
Section 13.7.1, “Account Management Statements”.
To connect to a MySQL server with a command-line client, specify user name and password options as necessary for the account that you want to use:
shell> mysql --user=finley --password db_name
If you prefer short options, the command looks like this:
shell> mysql -u finley -p db_name
If you omit the password value following the
--password
or -p
option on the command line (as just shown), the client prompts for
one. Alternatively, the password can be specified on the command
line:
shell> mysql --user=finley --password=password db_name
shell> mysql -u finley -ppassword db_name
If you use the -p
option, there must be
no space between -p
and the
following password value.
Specifying a password on the command line should be considered insecure. See Section 6.1.2.1, “End-User Guidelines for Password Security”. You can use an option file or a login path file to avoid giving the password on the command line. See Section 4.2.7, “Using Option Files”, and Section 4.6.7, “mysql_config_editor — MySQL Configuration Utility”.
For additional information about specifying user names, passwords, and other connection parameters, see Section 4.2.2, “Connecting to the MySQL Server”.
Traduction non disponible
Le manuel MySQL n'est pas encore traduit en français sur l'infobrol. Seule la version anglaise est disponible pour l'instant.
Document créé le 26/06/2006, dernière modification le 26/10/2018
Source du document imprimé : https://www.gaudry.be/mysql-rf-user-names.html
L'infobrol est un site personnel dont le contenu n'engage que moi. Le texte est mis à disposition sous licence CreativeCommons(BY-NC-SA). Plus d'info sur les conditions d'utilisation et sur l'auteur.
Références
Ces références et liens indiquent des documents consultés lors de la rédaction de cette page, ou qui peuvent apporter un complément d'information, mais les auteurs de ces sources ne peuvent être tenus responsables du contenu de cette page.
L'auteur de ce site est seul responsable de la manière dont sont présentés ici les différents concepts, et des libertés qui sont prises avec les ouvrages de référence. N'oubliez pas que vous devez croiser les informations de sources multiples afin de diminuer les risques d'erreurs.