0
我們需要在主數據庫和從屬MySQL數據庫之間具有相同的用戶集合,但是要防止只讀用戶連接到主數據庫,並防止讀寫用戶連接到從數據庫。因此,我正在編寫登錄觸發器以防止某些用戶根據下表連接到MySql數據庫:有沒有辦法從登錄觸發器中徹底終止當前會話?
create table deny_login(user varchar(20),SLAVE_RUNNING varchar(3),deny varchar(1));
我使用「SLAVE_RUNNING」列來解釋如何區分觸發器內的主數據庫和從屬數據庫。
觸發器有效,但會話沒有正確終止。它斷開連接但嘗試重新連接等。是否有更簡潔的方式從觸發器中退出當前會話?
下面是表的內容以及觸發定義:
insert into deny_login values ('vlad','OFF', 'n');
insert into deny_login values ('joe','OFF','y');
insert into deny_login values ('[email protected]','OFF', 'n');
insert into deny_login values ('[email protected]','OFF','y');
insert into deny_login values ('[email protected]','ON','n');
create table test (user varchar(20), deny integer, connection integer);
grant insert, update,delete on test to vlad;
grant insert, update,delete on test to joe;
grant insert, update,delete on test to bill;
grant insert, update,delete on deny_login to vlad;
grant insert, update,delete on deny_login to joe;
grant insert, update,delete on deny_login to bill;
DROP PROCEDURE IF EXISTS login_trigger;
DELIMITER //
CREATE PROCEDURE login_trigger()
SQL SECURITY DEFINER
BEGIN
declare denied integer;
select count(*) into denied from test.deny_login p, information_schema.global_status s where p.user=user() and user not
like '%root%' and s.variable_name='SLAVE_RUNNING' and s.variable_value=p.SLAVE_RUNNING and deny='y';
insert into test values (user(),denied,connection_id());
commit;
if denied = 1 then
-- signal sqlstate '45000' set message_text = 'forbidden';
-- kill(connection_id());
call Fail('forbidden');
end if;
END;
//
DELIMITER ;
REVOKE EXECUTE ON PROCEDURE test.login_trigger FROM 'vlad'@'%';
GRANT EXECUTE ON PROCEDURE test.login_trigger TO 'vlad'@'%';
REVOKE EXECUTE ON PROCEDURE test.login_trigger FROM 'joe'@'%';
GRANT EXECUTE ON PROCEDURE test.login_trigger TO 'joe'@'%';
REVOKE EXECUTE ON PROCEDURE test.login_trigger FROM 'bill'@'%';
GRANT EXECUTE ON PROCEDURE test.login_trigger TO 'bill'@'%';
SET GLOBAL init_connect="";
SET GLOBAL init_connect="CALL test.login_trigger()";