#### mysql_secure_installation #### 步骤详解 Securing the MySQL server deployment.
Connecting to MySQL using a blank password.
VALIDATE PASSWORD COMPONENT can be used to test passwords and improve security. It checks the strength of password and allows the users to set only those passwords which are secure enough. Would you like to setup VALIDATE PASSWORD component?
Press y|Y for Yes, any other key for No: y //使用密码验证
There are three levels of password validation policy:
LOW Length >= 8 MEDIUM Length >= 8, numeric, mixed case, and special characters STRONG Length >= 8, numeric, mixed case, special characters and dictionary file
Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 0 // 选择密码验证等级 Please set the password for root here.
New password: // 输入新密码
Re-enter new password:
Estimated strength of the password: 50 Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.
Remove anonymous users? (Press y|Y for Yes, any other key for No) : y //删除匿名用户 Success.
Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : n // 是否禁止远程登录
... skipping. By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y // 是否删除测试库 - Dropping test database... Success.
- Removing privileges on test database... Success.
Reloading the privilege tables will ensure that all changes made so far will take effect immediately.
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y // 刷新数据库权限 Success.
# 用Navicat root用户连接时,会报如下错误: Authentication plugin 'caching_sha2_password' cannot be loaded: dlopen/usr/local/mysql/lib/plugin/caching_sha2_password.so 2: image not found # ----------原因: # mysql 8.0 及以后版本的默认加密方式变了,变成了 caching_sha2_password # mysql 8.0 之前 版本的默认加密方式是 mysql_native_password # ----------解决办法 # 修改root用户的加密方式为 mysql_native_password ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'rootPASSWORD'; # mysql创建一个新用户,设置密码加密方式为 mysql_native_password,并授予其所有权限 CREATE USER 'newUser'@'localhost' IDENTIFIED WITH mysql_native_password BY 'newPassWord'; GRANT ALL PRIVILEGES ON *.* TO 'newUser'@'localhost'; # 上述用户名后面跟的是localhost,目的是只允许连到本地才能进行访问,不能远程访问,如何才能远程访问? # 用%替换localhost,如下: CREATE USER 'newUser'@'%' IDENTIFIED WITH mysql_native_password BY 'newPassWord'; GRANT ALL PRIVILEGES ON *.* TO 'newUser'@'%';
