For programs that use the MySQL client library (for example, mysql and mysqldump), MySQL supports connections to the server based on several transport protocols: TCP/IP, Unix socket file, named pipe, and shared memory. 对于使用MySQL客户端库的程序(例如mysql和mysqldump),MySQL支持基于多种传输协议连接到服务器:TCP/IP、Unix套接字文件、命名管道和共享内存。This section describes how to select these protocols, and how they are similar and different.本节介绍如何选择这些协议,以及它们的相似性和不同性。
For a given connection, if the transport protocol is not specified explicitly, it is determined implicitly. 对于给定的连接,如果没有显式指定传输协议,则隐式确定。For example, connections to 例如,连接到localhost result in a socket file connection on Unix and Unix-like systems, and a TCP/IP connection to 127.0.0.1 otherwise. localhost会导致Unix和类Unix系统上的套接字文件连接,否则会导致到127.0.0.1的TCP/IP连接。For additional information, see Section 4.2.4, “Connecting to the MySQL Server Using Command Options”.有关更多信息,请参阅第4.2.4节,“使用命令选项连接到MySQL服务器”。
To specify the protocol explicitly, use the 要明确指定协议,请使用--protocol command option. --protocol命令选项。The following table shows the permissible values for 下表显示了--protocol and indicates the applicable platforms for each value. --protocol的允许值,并指出了每个值的适用平台。The values are not case-sensitive.这些值不区分大小写。
--protocol Value | ||
|---|---|---|
TCP | TCP/IP | All |
SOCKET | Unix socket file | |
PIPE | Named pipe | Windows |
MEMORY | Shared memory | Windows |
TCP/IP transport supports connections to local or remote MySQL servers.TCP/IP传输支持连接到本地或远程MySQL服务器。
Socket-file, named-pipe, and shared-memory transports support connections only to local MySQL servers. (Named-pipe transport does allow for remote connections, but this capability is not implemented in MySQL.)套接字文件、命名管道和共享内存传输仅支持连接到本地MySQL服务器。(命名管道传输确实允许远程连接,但MySQL中没有实现此功能。)
If the transport protocol is not specified explicitly, 如果没有明确指定传输协议,localhost is interpreted as follows:localhost的解释如下:
On Unix and Unix-like systems, a connection to 在Unix和类Unix系统上,连接到localhost results in a socket-file connection.localhost会导致套接字文件连接。
Otherwise, a connection to 否则,与localhost results in a TCP/IP connection to 127.0.0.1.localhost的连接将导致与127.0.0.1的TCP/IP连接。
If the transport protocol is specified explicitly, 如果明确指定了传输协议,则localhost is interpreted with respect to that protocol. localhost将根据该协议进行解释。For example, with 例如,使用--protocol=TCP, a connection to localhost results in a TCP/IP connection to 127.0.0.1 on all platforms.--protocol=TCP,在所有平台上,连接到localhost会导致连接到127.0.0.1的TCP/IP。
TCP/IP and socket-file transports are subject to TLS/SSL encryption, using the options described in Command Options for Encrypted Connections. TCP/IP和套接字文件传输受TLS/SSL加密的约束,使用加密连接的命令选项中描述的选项。Named-pipe and shared-memory transports are not subject to TLS/SSL encryption.命名管道和共享内存传输不受TLS/SSL加密的约束。
A connection is secure by default if made over a transport protocol that is secure by default. Otherwise, for protocols that are subject to TLS/SSL encryption, a connection may be made secure using encryption:如果通过默认安全的传输协议建立连接,则默认情况下连接是安全的。否则,对于受TLS/SSL加密约束的协议,可以使用加密使连接安全:
TCP/IP connections are not secure by default, but can be encrypted to make them secure.默认情况下,TCP/IP连接是不安全的,但可以加密以使其安全。
Socket-file connections are secure by default. They can also be encrypted, but encrypting a socket-file connection makes it no more secure and increases CPU load.默认情况下,套接字文件连接是安全的。它们也可以加密,但加密套接字文件连接不会使其更安全,还会增加CPU负载。
Named-pipe connections are not secure by default, and are not subject to encryption to make them secure. 默认情况下,命名管道连接是不安全的,并且不会进行加密以使其安全。However, the 但是,named_pipe_full_access_group system variable is available to control which MySQL users are permitted to use named-pipe connections.named_pipe_full_access_group系统变量可用于控制允许哪些MySQL用户使用命名管道连接。
Shared-memory connections are secure by default.默认情况下,共享内存连接是安全的。
If the 如果启用了require_secure_transport system variable is enabled, the server permits only connections that use some form of secure transport. require_secure_transport系统变量,则服务器只允许使用某种形式的安全传输的连接。Per the preceding remarks, connections that use TCP/IP encrypted using TLS/SSL, a socket file, or shared memory are secure connections. 根据前面的说明,使用TLS/SSL加密的TCP/IP、套接字文件或共享内存的连接是安全的连接。TCP/IP connections not encrypted using TLS/SSL and named-pipe connections are not secure.未使用TLS/SSL加密的TCP/IP连接和命名管道连接是不安全的。
See also Configuring Encrypted Connections as Mandatory.另请参阅将加密连接配置为强制连接。
All transport protocols are subject to use of compression on the traffic between the client and server. 所有传输协议都会对客户端和服务器之间的流量进行压缩。If both compression and encryption are used for a given connection, compression occurs before encryption. 如果压缩和加密都用于给定的连接,则压缩发生在加密之前。For more information, see Section 4.2.8, “Connection Compression Control”.有关更多信息,请参阅第4.2.8节,“连接压缩控制”。