0
  1. I use root to log in on local MySQL Server Machine 192.168.156.33 and create new user test for anonymous host % CREATE USER test IDENTIFIED BY 'password';
  2. I use client machine to log in with user test mysql -u test -h 192.168.156.33 -p
  3. I use server machine again to set test password account to expire by using ALTER USER 'test'@'%' PASSWORD EXPIRE; and use FLUSH PRIVILEGES; Notice that user test still log in on client machine
  4. User test in client machine still can use command: SHOW DATABASES, USE, SELECT,... without show warning to change password
  5. After I use command \r or (exit and log in back), and try to use command, it show warning to change password like normal

What I want is: How to stop user from use commands when set password to expire and show warning to them to change password without reconnect to server?

Picture

Nico Haase
  • 11,420
  • 35
  • 43
  • 69
Somethea Yuon
  • 1
  • 1
  • Would it be an option to kick the user? (Forcing him to reconnect, then he has to change the password) – Solarflare Oct 08 '21 at 06:46
  • *How to stop user from use commands when set password to expire and show warning to them to change password without reconnect to server?* Noway, password expire is checked only during the authentication. And you shouldn't force reconnection, it may in theory break current user's operation and cause logical data incorrectness. – Akina Oct 08 '21 at 07:04
  • Hello @Akina, if I don't do this, users can do something on sensitive data in our databases without permission. I test it also on GRANT and REVOKE privileges, but I test on this expire password first and I encounter the problem. – Somethea Yuon Oct 11 '21 at 03:57
  • Hello @Solarflare, yes it would be that. Do you have any solutions? – Somethea Yuon Oct 11 '21 at 03:58
  • *if I don't do this, users can do something on sensitive data in our databases without permission.* No. During authentication the user had the permission, hence the session obtains this permission. The fact that you have changed the permission for a user does not change the permission of the session. And the session may access the object which you had "protected". – Akina Oct 11 '21 at 04:41
  • @Akina How can I can session permission? – Somethea Yuon Oct 11 '21 at 06:02

0 Answers0