Posted by Don Seiler on Jul 24, 2009
Having recently performed a test upgrade for a client from Oracle RDBMS 10g to 11g, I can tell you that one of the big changes that will likely require action on your part as DBA is the new fine-grained access control for the packages UTL_SMTP, UTL_TCP, UTL_MAIL, UTL_HTTP and UTL_INADDR. Part of the Oracle 11g pre-upgrade tool will notify you of users that will require new privileges.
Of course, Oracle’s post-upgrade network ACL setup documentation is much more confusing than it needs to be, at least for simple minds like me. A colleague stepped forward with a simple set of commands for a basic setup that even the tired and stressed can understand.
I’ll share that here, with some basic explanation:
Read the rest of this entry . . .
Posted by Sheeri Cabral on Sep 12, 2008
Scenario: Someone wants to know which of the over 50 MySQL users have certain privileges.
There are many ways to solve this problem. Some of these scenarios are tedious and repetitious, others take no time at all.
The issue, of course, lies in what the “certain” privileges are. If it is “who has the SUPER privilege?” then a simple
SELECT user,host FROM mysql.user WHERE Super_priv='Y';
is sufficient. If it is “who has write access to the foo database”, you might write:
SELECT user,host FROM db WHERE Db='foo' AND Select_priv='Y';
but that only shows who explicitly has read permissions on that database; it does not include those who have global read permissions. The full query would be:
Read the rest of this entry . . .
Posted by Sheeri Cabral on Mar 24, 2008
The answers to the last pop quiz are up: http://www.pythian.com/blogs/868/pop-quiz-mysql-cluster
So here’s another pop quiz. Given the following:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 16450949 to server version: 4.1.14-standard-log
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> select count(*),length(password) from mysql.user group by length(password);
+----------+------------------+
| count(*) | length(password) |
+----------+------------------+
| 49 | 16 |
| 31 | 41 |
+----------+------------------+
2 rows in set (0.00 sec)
mysql> select password('foo');
+-------------------------------------------+
| password('foo') |
+-------------------------------------------+
| *F3A2A51A9B0F2BE2468926B4132313728C250DBF |
+-------------------------------------------+
1 row in set (0.00 sec)
mysql> show variables like "old%";
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| old_passwords | OFF |
+---------------+-------+
1 row in set (0.00 sec)
Since the server has old_passwords set to OFF, you may think that you can delete all the entries in the mysql.user table whose passwords have a lenth of 16. So you do this for security’s sake, and then flush privileges, and none of your applications can connect to the server any more. You scratch your head, wondering how on earth those could even be used, because wouldn’t you get a “Client does not support authentication protocol” error if the old passwords were being used?
So, what is the answer to this question?
