MySQL stores accounts in the MySQL将user table of the mysql system database. user存储在MySQL系统数据库的user表中。An account is defined in terms of a user name and the client host or hosts from which the user can connect to the server. 帐户是根据用户名和用户可以从中连接到服务器的一个或多个客户端主机来定义的。For information about account representation in the 有关user table, see Section 6.2.3, “Grant Tables”.user表中帐户表示的信息,请参阅第6.2.3节“授权表”。
An account may also have authentication credentials such as a password. 帐户还可以具有身份验证凭据,例如密码。The credentials are handled by the account authentication plugin. 凭据由帐户身份验证插件处理。MySQL supports multiple authentication plugins. MySQL支持多个身份验证插件。Some of them use built-in authentication methods, whereas others enable authentication using external authentication methods. 其中一些使用内置的身份验证方法,而另一些使用外部身份验证方法启用身份验证。See Section 6.2.17, “Pluggable Authentication”.请参阅第6.2.17节“可插入身份验证”。
There are several distinctions between the way user names and passwords are used by MySQL and your operating system:MySQL和您的操作系统使用用户名和密码的方式有几个区别:
User names, as used by MySQL for authentication purposes, have nothing to do with user names (login names) as used by Windows or Unix. MySQL用于身份验证的用户名与Windows或Unix使用的用户名(登录名)无关。On Unix, most MySQL clients by default try to log in using the current Unix user name as the MySQL user name, but that is for convenience only. 在Unix上,默认情况下,大多数MySQL客户机尝试使用当前Unix用户名作为MySQL用户名登录,但这只是为了方便。The default can be overridden easily, because client programs permit any user name to be specified with a 默认值可以很容易地重写,因为客户机程序允许使用-u or --user option. -u或--user选项指定任何用户名。This means that anyone can attempt to connect to the server using any user name, so you cannot make a database secure in any way unless all MySQL accounts have passwords. 这意味着任何人都可以尝试使用任何用户名连接到服务器,因此除非所有MySQL帐户都有密码,否则您无法以任何方式确保数据库的安全。Anyone who specifies a user name for an account that has no password can connect successfully to the server.任何为没有密码的帐户指定用户名的人都可以成功连接到服务器。
MySQL user names are up to 32 characters long. MySQL用户名最长为32个字符。Operating system user names may have a different maximum length.操作系统用户名的最大长度可能不同。
The MySQL user name length limit is hardcoded in MySQL servers and clients, and trying to circumvent it by modifying the definitions of the tables in the MySQL用户名长度限制是在MySQL服务器和客户端中硬编码的,试图通过修改mysql database does not work.mysq;数据库中表的定义来规避它是行不通的。
You should never alter the structure of tables in the 您不应该以任何方式改变mysql database in any manner whatsoever except by means of the procedure that is described in Section 2.11, “Upgrading MySQL”. mysql数据库中表的结构,除非通过第2.11节“升级mysql”中描述的过程。Attempting to redefine MySQL's system tables in any other fashion results in undefined and unsupported behavior. 试图以任何其他方式重新定义MySQL的系统表会导致未定义和不受支持的行为。The server is free to ignore rows that become malformed as a result of such modifications.服务器可以随意忽略由于这些修改而导致格式错误的行。
To authenticate client connections for accounts that use built-in authentication methods, the server uses passwords stored in the 要对使用内置身份验证方法的帐户的客户端连接进行身份验证,服务器将使用存储在user table. user表中的密码。These passwords are distinct from passwords for logging in to your operating system. 这些密码与登录操作系统的密码不同。There is no necessary connection between the “external” password you use to log in to a Windows or Unix machine and the password you use to access the MySQL server on that machine.登录到Windows或Unix计算机时使用的“外部”密码与访问该计算机上的MySQL服务器时使用的密码之间没有必要的连接。
If the server authenticates a client using some other plugin, the authentication method that the plugin implements may or may not use a password stored in the 如果服务器使用其他插件对客户机进行身份验证,则插件实现的身份验证方法可能使用或不使用存储在用户表中的密码。user table. In this case, it is possible that an external password is also used to authenticate to the MySQL server.在这种情况下,也可能使用外部密码对MySQL服务器进行身份验证。
Passwords stored in the 存储在user table are encrypted using plugin-specific algorithms.user表中的密码使用特定于插件的算法进行加密。
If the user name and password contain only ASCII characters, it is possible to connect to the server regardless of character set settings. 如果用户名和密码仅包含ASCII字符,则无论字符集设置如何,都可以连接到服务器。To enable connections when the user name or password contain non-ASCII characters, client applications should call the 要在用户名或密码包含非ASCII字符时启用连接,客户端应用程序应调用mysql_options() C API function with the MYSQL_SET_CHARSET_NAME option and appropriate character set name as arguments. mysql_options()C API函数,并使用MYSQL_SET_CHARSET_NAME选项和适当的字符集名称作为参数。This causes authentication to take place using the specified character set. 这将导致使用指定的字符集进行身份验证。Otherwise, authentication fails unless the server default character set is the same as the encoding in the authentication defaults.否则,除非服务器默认字符集与身份验证默认值中的编码相同,否则身份验证将失败。
Standard MySQL client programs support a 标准的MySQL客户机程序支持--default-character-set option that causes mysql_options() to be called as just described. --default-character-set选项,该选项导致调用MySQL_options(),如前所述。In addition, character set autodetection is supported as described in Section 10.4, “Connection Character Sets and Collations”. 此外,如第10.4节“连接字符集和排序规则”所述,支持字符集自动检测。For programs that use a connector that is not based on the C API, the connector may provide an equivalent to 对于使用不基于C API的连接器的程序,连接器可能会提供一个等效于mysql_options() that can be used instead. mysql_options()的选项来代替它。Check the connector documentation.请检查连接器文档。
The preceding notes do not apply for 前面的注释不适用于不允许作为客户机字符集的ucs2, utf16, and utf32, which are not permitted as client character sets.ucs2、utf16和utf32。
The MySQL installation process populates the grant tables with an initial MySQL安装过程使用初始root account, as described in Section 2.10.4, “Securing the Initial MySQL Account”, which also discusses how to assign a password to it. root帐户填充授权表,如第2.10.4节“保护初始MySQL帐户”所述,该节还讨论了如何为其分配密码。Thereafter, you normally set up, modify, and remove MySQL accounts using statements such as 此后,通常使用CREATE USER, DROP USER, GRANT, and REVOKE. CREATE USER、DROP USER、GRANT和REVOKE等语句来设置、修改和删除MySQL帐户。See Section 6.2.8, “Adding Accounts, Assigning Privileges, and Dropping Accounts”, and Section 13.7.1, “Account Management Statements”.请参阅第6.2.8节“添加帐户、分配权限和删除帐户”和第13.7.1节“帐户管理报表”。
To connect to a MySQL server with a command-line client, specify user name and password options as necessary for the account that you want to use:要使用命令行客户端连接到MySQL服务器,请根据需要为要使用的帐户指定用户名和密码选项:
shell> mysql --user=finley --password db_name
If you prefer short options, the command looks like this:如果您喜欢短选项,则命令如下所示:
shell> mysql -u finley -p db_name
If you omit the password value following the 如果省略命令行上--password or -p option on the command line (as just shown), the client prompts for one. --password或-p选项后面的密码值(如图所示),则客户端会提示输入一个密码值。Alternatively, the password can be specified on the command line:或者,可以在命令行中指定密码:
shell>mysql --user=finley --password=shell>passworddb_namemysql -u finley -ppassworddb_name
If you use the 如果使用-p option, there must be no space between -p and the following password value.-p选项,则-p和后面跟随的密码值之间不能有空格。
Specifying a password on the command line should be considered insecure. 在命令行上指定密码应该被认为是不安全的。See Section 6.1.2.1, “End-User Guidelines for Password Security”. 参见第6.1.2.1节“密码安全的最终用户指南”。To avoid giving the password on the command line, use an option file or a login path file. 要避免在命令行上提供密码,请使用选项文件或登录路径文件。See Section 4.2.2.2, “Using Option Files”, and Section 4.6.7, “mysql_config_editor — MySQL Configuration Utility”.请参阅第4.2.2.2节“使用选项文件”和第4.6.7节“mysql_config_editor——MySQL配置实用工具”。
For additional information about specifying user names, passwords, and other connection parameters, see Section 4.2.4, “Connecting to the MySQL Server Using Command Options”.有关指定用户名、密码和其他连接参数的更多信息,请参阅第4.2.4节“使用命令选项连接到MySQL服务器”。