Workshop

The workshop is designed to help you anticipate possible questions, review what you've learned, and begin learning how to put your knowledge into practice.

Quiz

1:

True or False: Telnet is a perfectly acceptable method to securely connect to MySQL from a remote host.

A1:

False. The key word is "secure," and Telnet does not encrypt data between hosts. Instead, use SSH to connect to your server.

2:

Which three pieces of information does MySQL check each time a request is made?

A2:

Who you are, where you are accessing from, and what actions you're allowed to perform.

3:

What command would you use to grant SELECT, INSERT, and UPDATE privileges to a user named bill on localhost to all tables on the BillDB database? Also, what piece of information is missing from this statement that is recommended for security purposes?

A3:

The command is

GRANT SELECT, INSERT, UPDATE
ON BillDB.*
TO bill@localhost;

The important missing piece is a password for the user!

Activities

  1. Think of situations in which you might want to restrict command access at the table level. For example, you wouldn't want the intern-level administrator to have shutdown privileges for the corporate database.

  2. If you have administrative privileges in MySQL, issue several GRANT commands to create dummy users. It doesn't matter whether the tables and databases you name are actually present.

  3. Use REVOKE to remove some of the privileges of the users you created in activity 2.



    Part III: Getting Involved with the Code