Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
ce347166
Commit
ce347166
authored
Oct 02, 2001
by
monty@hundin.mysql.fi
Browse files
Options
Browse Files
Download
Plain Diff
merge
parents
c2f6d577
052784e4
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
32 additions
and
33 deletions
+32
-33
BitKeeper/etc/logging_ok
BitKeeper/etc/logging_ok
+1
-0
Docs/manual.texi
Docs/manual.texi
+31
-33
No files found.
BitKeeper/etc/logging_ok
View file @
ce347166
...
...
@@ -30,3 +30,4 @@ tonu@hundin.mysql.fi
tonu@volk.internalnet
tonu@x153.internalnet
tonu@x3.internalnet
Administrator@fred.
Docs/manual.texi
View file @
ce347166
...
...
@@ -528,8 +528,8 @@ and @code{dvips}. The PDF version is produced with @code{pdftex}.
@cindex Texinfo
This manual is written and maintained by David Axmark, Michael (Monty)
Widenius, Jeremy Cole,
and Paul DuBois. For other contributors,
see @ref{Credits}.
Widenius, Jeremy Cole,
Arjen Lentz, and Paul DuBois. For other
contributors,
see @ref{Credits}.
@node Manual conventions, History, Manual-info, MySQL and MySQL AB
...
...
@@ -16859,7 +16859,6 @@ MySQL grant tables.
For a description of using @code{REQUIRE}, see @xref{Secure connections}.
@node User names, Privilege changes, GRANT, User Account Management
@subsection MySQL User Names and Passwords
...
...
@@ -17449,43 +17448,42 @@ uses SSL we need to explain some basics about SSL and X509. People who
are already aware of it can skip this chapter.
By default, MySQL uses unencrypted connections between client and
server. This means that
anyone on the way can listen and read all your
data which moves there. Even more, some people can change content of
data while it is moving between client and server. Sometime you may need
to move really secret data over public networks and such publicity is
unacceptable.
server. This means that
someone could watch all your traffic and look at
the data being sent/received. Actually, they could even change the data
while it is in transit between client and server. Sometimes you need to
move really secret data over public networks and in such a case using an
un
encrypted connection is un
acceptable.
SSL is a protocol which uses different encryption algorithms to ensure
that data which comes from public network can be trusted. It ha
ve
that data which comes from public network can be trusted. It ha
s
mechanisms to detect any change, loss or replay of data. SSL also
incorpores algorithms to recognize and
verification of identity using
X509 standard.
incorpores algorithms to recognize and
provide identity verification
using the
X509 standard.
@cindex What is encryption
Encryption is the way to make any kind of data unreadable.
Even more
,
today's practice require many additional security elements from
Encryption is the way to make any kind of data unreadable.
In fact
,
today's practice require
s
many additional security elements from
encryption algorithms. They should resist many kind of known attacks
like just messing with order of encrypted messages or replaying data
twice.
@cindex What is X509/Certificate?
X509 is standard which makes possible to identity someone in the
Internet. Mostly it is used in e-commerce over the Internet. Shortly
speaking there should be some company called "Certificate Authority"
which assigns electronic certificates to everyone who
needs. Certificates rely on asymmetric encryption algorithms which have
two encryption keys - public and secret. Certificate owner can prove his
identity showing certificate to other party. Certificate consists his
owner public key. Any data encrypted with it can be decrypted only by
secret key holder.
@cindex Possible questions:
MySQL doesn't use encrypted on connections by default because this would
make the client/server protocol much slower. Any kind of additional
functionality requires computer to do additional work and encrypting
data is CPU-intensive operation which can overcome MySQL own work and
consumed time. By default MySQL is tuned to be fast as possible.
X509 is a standard that makes it possible to identify someone in the
Internet. It is most commonly used in e-commerce applications. In basic
terms, there should be some company called "Certificate Authority" which
assigns electronic certificates to anyone who needs them. Certificates
rely on asymmetric encryption algorithms which have two encryption keys
- public and secret. A certificate owner can prove his identity by
showing his certificate to other party. A certificate consists of his
owner's public key. Any data encrypted with this public key can only be
decrypted using the corresponding secret key, which is held by the owner
of the certificate.
MySQL doesn't use encrypted on connections by default, because this
would make the client/server protocol much slower. Any kind of
additional functionality requires computer to do additional work and
encrypting data is CPU-intensive operation require time and can delay
MySQL main tasks. By default MySQL is tuned to be fast as possible.
If you need more information about SSL/X509/encryption, you should use
your favourite internet search engine and search for keywords you are
...
...
@@ -17520,8 +17518,8 @@ examining if @code{show variables like 'have_openssl'} returns @code{YES}.
@findex GRANT statemenet
MySQL can check x509 certificate attributes additionally to most used
username/password
cheme. All usual options are still required (username,
password, IP address mask, database/table name).
username/password
scheme. All the usual options are still required
(username,
password, IP address mask, database/table name).
There are different possibilities to limit connections:
...
...
@@ -17561,7 +17559,7 @@ GRANT ALL PRIVILEGES ON test.* TO root@@localhost IDENTIFIED BY "goodsecret" REQ
@end example
@item
@code{REQUIRE SUBJECT subject} requires client to have valid x509
@code{REQUIRE SUBJECT subject} requires client
s
to have valid x509
certificate with subject "subject" on it. If client have valid
certificate but having different "subject" then connection is still not
allowed.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment