Last week, we began our discussion of MySQL database security. This week, we continue that discussion with user account management. The second of several parts, this article is excerpted from chapter 12 of the MySQL 5.0 Certification Guide, written by Paul Dubois et al. (Sams, 2005; ISBN: 0672328127).
By default, there is no limit on the number of times that a client can connect to the server or the number of queries it can issue. If that is not suitable, GRANT can establish limits on an account's resource consumption for the following characteristics:
The number of times per hour the account is allowed to connect to the server
The number of queries per hour the account is allowed to issue
The number of updates per hour the account is allowed to issue
Each of these resource limits is specified using an option in a WITH clause. The following example creates an account that can use the test database, but can connect to the server a maximum of only 10 times per hour. The account can issue 50 queries per hour, and at most 20 of those queries can modify data:
GRANT ALL ON test.* TO 'quinn'@'localhost'
IDENTIFIED BY 'SomePass'
WITH MAX_CONNECTIONS_PER_HOUR 10
The order in which you name the options in the WITH clause doesn't matter.
To reset an existing limit to the default of no limit, specify a value of zero. For example:
GRANT USAGE ON *.* TO 'quinn'@'localhost'
WITH MAX_CONNECTIONS_PER_HOUR 0;
Please check back next week for the continuation of this article.