共计 3589 个字符,预计需要花费 9 分钟才能阅读完成。
前言:
在日常应用数据库的过程中,难免会遇到须要批改账号密码的情景,比方明码太简略须要批改、明码过期须要批改、遗记明码须要批改等。本篇文章将会介绍须要批改明码的场景及批改明码的几种形式。
1. 遗记 root 明码
遗记 root 明码的场景还是比拟常见的,特地是本人搭的测试环境通过良久没用过时,很容易记不得过后设置的明码。这个时候个别罕用的办法是跳过权限验证,而后更改 root 明码,之后再启用权限验证。以 MySQL 5.7 版本为例简略讲下次要过程:
首先批改配置文件,在 [mysqld] 局部加上一句:skip-grant-tables,加上此参数的目标是跳过权限验证。而后重启数据库,数据库再次启动后,咱们就能够不必明码间接登录数据库批改明码了。
# skip-grant-tables 模式下批改 root 明码
[root@host ~]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 16
Server version: 5.7.23-log MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> update mysql.user set authentication_string = password ('xxxxxx') where user = 'root' and host = 'localhost';
Query OK, 0 rows affected, 1 warning (0.00 sec)
Rows matched: 1 Changed: 0 Warnings: 1
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)批改完 root 明码后,再次去除 skip-grant-tables 参数,而后重启下数据库即可。
2. 几种批改明码的办法
除去遗记明码,可能还有其余情景须要批改明码,这时候就能够采取一般形式批改明码了。还是以 MySQL 5.7 版本为例,介绍几种罕用的批改明码的办法。
应用 alter user 批改
比方如果想更改 testuser 账号的明码,咱们能够应用 root 账号登录,而后执行 alter user 命令更改 testuser 账号的明码。
mysql> alter user 'testuser'@'%' identified by 'Password1';
Query OK, 0 rows affected (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)应用 SET PASSWORD 命令
应用 SET PASSWORD 批改明码命令格局为 SET PASSWORD FOR ‘username’@’host’ = PASSWORD(‘newpass’); 同样是应用 root 账号可批改其余账号的明码。
mysql> SET PASSWORD FOR 'testuser'@'%' = PASSWORD('Password2');
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)应用 mysqladmin 批改明码
应用 mysqladmin 命令批改账号密码格局为 mysqladmin - u 用户名 - p 旧明码 password 新密码
[root@host ~]# mysqladmin -utestuser -pPassword2 password Password3
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.
[root@host ~]# mysql -utestuser -pPassword3
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2388
Server version: 5.7.23-log MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> 间接 update user 表
其实 MySQL 所以的账号信息都存储在 mysql.user 表外面,咱们也能够间接通过 update user 表来批改明码。
# 5.7 及之后版本
mysql> update mysql.user set authentication_string = password ('Password4') where user = 'testuser' and host = '%';
Query OK, 1 row affected, 1 warning (0.06 sec)
Rows matched: 1 Changed: 1 Warnings: 1
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
# 5.6 及之前版本
update mysql.user set password=password('新密码') where user='用户名' and host='host'; 3. 设置 login-path 本地快捷登陆
为了避免明码裸露及遗记明码,咱们还能够设置 login-path 来实现在本地不输明码快捷登录。
login-path 是 MySQL 5.6 开始反对的新个性。通过借助 mysql_config_editor 工具将登陆 MySQL 服务的认证信息加密保留在 .mylogin.cnf 文件(默认位于用户主目录)。MySQL 客户端工具可通过读取该加密文件连贯 MySQL,实现快捷登录。
假如咱们想配置 root 账号在本地快捷登录,能够这么做:
# 执行回车后须要输出一次 root 明码
[root@host ~]# mysql_config_editor set --login-path=root -uroot -hlocalhost -p -P3306
Enter password:
# 配置实现后能够应用 login-path 登录
[root@host ~]# mysql --login-path=root
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2919
Server version: 5.7.23-log MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> 总结:
本篇文章次要介绍了批改数据库账号密码的几种办法,根本涵盖了所有的场景。这里也揭示下各位,数据库账号最好限度 ip 段登录,明码尽量简单些,最好可能定期批改,特地是重要的环境不能有半点马虎。年底了,平安才是王道。