I have a question related to passwords:
We can create a user and assign him a password by doing this:
CREATE USER Bobby IDENTIFIED BY 12345
Then we can also grant him permissions by doing:
GRANT ALL ON *.* TO Bobby@'localhost' IDENTIFIED BY 'password';
However, when we change the password for that user by doing:
SET PASSWORD FOR 'Bobby'@'localhost' = PASSWORD('newpassword');
I am able to login with this new password, and also do any kind of queries to the databases. So, is it true that when updating the password, we are actually updating both the one created with CREATE USER Bobby
and the one created with GRANT
?
The other part of the question is... If the password used when CREATE is different than the password used when GRANT, it seems that the GRANT password takes priority. So, why would the password in CREATE be useful for?
Here's what happens.
With this
CREATE USER 'Bobby' IDENTIFIED BY '12345';
a user is created. He has no rights but to connect and look at how the server is configured and at some status variables. The same happens when you do this:
GRANT USAGE ON *.* TO 'Bobby'@'localhost' IDENTIFIED BY '12345';
You don't even need the CREATE USER
statement before. The GRANT
statement would create the user if it doesn't exist.
Because we specified a password with the GRANT
statement, the password gets changed, too. There are no separate passwords or whatever.
When you change your password either via GRANT
statement or via SET PASSWORD
, you can only login with the new password.
While the privileges are checked for every query, the password isn't! When you don't disconnect, you can still execute all queries you have the rights for, although you connected with the old password.
Edit: I have to correct myself, the privileges are not checked for every query. The user has the rights he had when he connected as long as he is connected. When privileges are revoked from the user, he has to reconnect to really lose the privilege.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.