diff --git a/04ModelDesign/Homework.txt b/04ModelDesign/Homework.txt new file mode 100644 index 0000000..59f6684 --- /dev/null +++ b/04ModelDesign/Homework.txt 
@@ -0,0 +1,60 @@ +Q1. When would you use a weak entity? + + One would use a weak entity to represent an entity that cannot be uniquely + identified by its attributes alone. + + A weak entity requires additional attributes, typically in the form of one + (or more) foreign key(s) to uniquely identify it in the context of the + overall database. + + In the folowing simple example, the childA and childB entities are weak + entities, each requiring a (foreign key) attribute from the strong parent + entity to generate the primary key for each child entity key. + + +--------+ + +--> parent <--+ + | +--------+ | + | | + +--+-----+ +--+-----+ + | childA | | childB | + +--------+ +--------+ + + +Q2. Is it better to use entities instead of attributes? + + Typically, it is better to use entities instead of attributes, but you + should ask yourself the following questions regarding the nature of the + object before making the final decision: + + If the object is of direct interest to the database, it should be an entity. + And any information that describes it should be stored in attributes of + that entity. + + If the object has components of its own, we must find a way of representing + those components; a separate entity might be the best solution. + + If the object can have multiple instances, we must find a way to store + data on each instance. The cleanest way to do this is to represent the + object as a separate entity. + + If the object is often nonexistent or unknown, it is effectively an + attribute of only some of the entities, and it would be better to model + it as a separate entity rather than as an attribute that is often empty. + +Q3. Alter and extend the music database ER model so that it can store + compilations, where a compilation is an album that contains tracks by two + or more different artists. + +A See Learning mysql 4-3.dia + +Q4. 
Create an ER diagram for an online media store using the following + requirements: + + o There are two types of product: music CDs and video DVDs. + o Customers can buy any number of each product. + o For each CD, store the title, the artist’s name, the label (publisher), + and the price. Also store the number, title, and length (in seconds) of + each track on the CD. + o For each video DVD, store the title the studio name, and the price. + +A See Learning mysql 4-4.dia diff --git a/04ModelDesign/Learning mysql 4-3.dia b/04ModelDesign/Learning mysql 4-3.dia new file mode 100644 index 0000000..633fa94 Binary files /dev/null and b/04ModelDesign/Learning mysql 4-3.dia differ diff --git a/04ModelDesign/Learning mysql 4-4.dia b/04ModelDesign/Learning mysql 4-4.dia new file mode 100644 index 0000000..005a4ad Binary files /dev/null and b/04ModelDesign/Learning mysql 4-4.dia differ diff --git a/05BasicSQL/homework.txt b/05BasicSQL/homework.txt index e469fbf..26cf321 100644 --- a/05BasicSQL/homework.txt +++ b/05BasicSQL/homework.txt 
@@ -22,28 +22,88 @@ in the WHERE. If you put the join clauses in the JOIN part, it's way more readab 1) Use one or more SELECT statements to find out how many tracks are on New Order's Brotherhood album. + SELECT COUNT(track_id) FROM music.track INNER JOIN music.album USING (artist_id,album_id) + WHERE (SELECT artist_id FROM music.artist WHERE artist_name = "New Order") + AND album_name = "Brotherhood"; + 2) Using a join, list the albums that we own by the band New Order -3) With INSERT statements, add the artist Leftfield to the database. -For this new artist, add the album "Leftism" that has the following tracks: -a. Release the Pressure (Time: 7.39) -b. Afro-Melt (Time: 7.33) -c. Melt (Time: 5.21) -d. Song of Life (Time: 6.55) -e. Original (Time: 6.00) -f. Black Flute (Time: 3.46) -g. Space Shanty (Time: 7.15) -h. Inspection Check One (Time: 6.30) -i. Storm 3000 (Time: 5.44) -j. Open Up (Time: 6.52) -k. 21st Century Poem (Time: 5.42) -l. Bonus Track (Time: 1.22) - -The answer to this question should be the INSERT statement(s). + SELECT album_name FROM music.album INNER JOIN music.artist USING (artist_id) + WHERE artist_name = "New Order" ORDER BY album.album_name; + +3) With INSERT statements, add the artist Leftfield to the database. + + For this new artist, add the album "Leftism" that has the following tracks: + + a. Release the Pressure (Time: 7.39) + b. Afro-Melt (Time: 7.33) + c. Melt (Time: 5.21) + d. Song of Life (Time: 6.55) + e. Original (Time: 6.00) + f. Black Flute (Time: 3.46) + g. Space Shanty (Time: 7.15) + h. Inspection Check One (Time: 6.30) + i. Storm 3000 (Time: 5.44) + j. Open Up (Time: 6.52) + k. 21st Century Poem (Time: 5.42) + l. Bonus Track (Time: 1.22) + + The answer to this question should be the INSERT statement(s). 
+ + SELECT 1+MAX(artist_id) FROM music.artist; + INSERT INTO music.artist VALUES(7, "Leftfield"); + + INSERT INTO music.track VALUES + (0, "Release the Pressure", 7, 0, 7.39), + (1, "Afro-Melt", 7, 0, 7.33), + (2, "Melt", 7, 0, 5.21), + (3, "Song of Life", 7, 0, 6.55), + (4, "Original", 7, 0, 6.00), + (5, "Black Flute", 7, 0, 3.46), + (6, "Space Shanty", 7, 0, 7.15), + (7, "Inspection Check One", 7, 0, 6.30), + (8, "Storm 3000", 7, 0, 5.44), + (9, "Open Up", 7, 0, 6.52), + (10, "21st Century Poem", 7, 0, 5.42), + (11, "Bonus Track", 7, 0, 1.22); + + INSERT INTO music.played VALUES + (7, 0, 0, DEFAULT), + (7, 0, 1, DEFAULT), + (7, 0, 2, DEFAULT), + (7, 0, 3, DEFAULT), + (7, 0, 4, DEFAULT), + (7, 0, 5, DEFAULT), + (7, 0, 6, DEFAULT), + (7, 0, 7, DEFAULT), + (7, 0, 8, DEFAULT), + (7, 0, 9, DEFAULT), + (7, 0, 10, DEFAULT), + (7, 0, 11, DEFAULT); 4) How long in minutes is the Leftism album you added in Question 3? Hint: use the SUM() aggregate function. + SELECT SUM(time) FROM music.track WHERE artist_id = 7 AND album_id = 0; + OR + SELECT SEC_TO_TIME(SUM(time) * 60) FROM music.track + WHERE artist_id = 7 AND album_id = 0; + 5) Change the time for the Original track on the Leftism album to 6.22. + UPDATE music.track SET time = 6.22 + WHERE artist_id = 7 + AND album_id = 0 + AND track_name = "Original"; + 6) Remove the 'Bonus Track' from the Leftism album, + + DELETE FROM music.played + WHERE (album_id, track_id) IN + (select album_id,track_id FROM track + WHERE track_name = "Bonus Track"); + + DELETE FROM music.track + WHERE artist_id = 7 + AND album_id = 0 + AND track_name = "Bonus Track"; \ No newline at end of file diff --git a/06DBStructures/homework.txt b/06DBStructures/homework.txt index 8d25c8a..26b4927 100644 --- a/06DBStructures/homework.txt +++ b/06DBStructures/homework.txt 
@@ -1,32 +1,183 @@ -Chapter 6 Homework +Chapter 6 Homework All exercises here concern the music database. -1. You’ve decided to store more information about artists and albums. Specifically, -for artists, you want to store the names of people who have worked with the artist -(for example, vocalists, guitarists, trumpeters, and drummers), when they began -working with the artist, and when they stopped working with the artist (if they -have done so). +1 (a) You’ve decided to store more information about artists and albums. + Specifically, for artists, you want to store the names of people who + have worked with the artist (for example, vocalists, guitarists, + trumpeters, and drummers), when they began working with the artist, + and when they stopped working with the artist (if they have done so): -For albums, you want to store the name of the album producer, when the album -was released, and where the album was recorded. Design tables or columns that -can store this information, and explain the advantages and disadvantages of your -design. Choose the column types you need, explaining the advantages and disad- -vantages of your choices. + create table sideman ( + artist_id SMALLINT(5) NOT NULL DEFAULT 0, + sideman_id SMALLINT(5) NOT NULL DEFAULT 0, + sideman_name CHAR(128) DEFAULT NULL, + sideman_role CHAR(128) DEFAULT NULL, + started_working DATE NOT NULL DEFAULT 0, + stopped_working DATE NOT NULL DEFAULT 0, + PRIMARY KEY (artist_id,sideman_id) + ); -2. There are five types for storing temporal data: DATETIME, DATE, TIME, YEAR, and -TIMESTAMP. Explain what each is used for, and give an example of a situation in -which you would choose to use it. Note that http://palominodb.com/blog/2011/05/23/datetime-vs-timestamp -has some useful information too. + For each one artist, there are N possible sidemen (male or female). -3. You’ve decided to use the AUTO_INCREMENT feature. List the three requirements that -must be met by the column you’re applying it to. 
+ As a result, a sideman table should be created, which includes the + following information: + + - name of the sideman + - their role (vocalist, guitarist, drummer, ...) + - when they started working with the artist + - when they stopped working with the artist + + The above "create table" statement creates a table with those columns + and more: + + - artist_id - small integer (SMALLINT) which identifies the artist that + this sideman worked with. The column type is the same as + the artist_id column in the artist table for table indexing + purposes. + - sideman_id - small integer (SMALLINT) which uniquely identifies the + sideman. Value of the column is 0-65535, suffient to + identify an individual sideman + - sideman_name - first and last name of the side man. 128 bytes is large + enough to identify them using "FirstName LastName" and + small enough to allow mysql server to efficiently skip + over table rows. + - sideman_role - what role the sideman performs. 128 bytes is large + enough to specify their role and small enough to allow + mysql server to efficiently skip over table rows. + - started_working - date the sideman started working with the artist in + YYYY-MM-DD format. Summarizes desired information. + - stopped_working - date the sideman stopped working with the artist in + YYYY-MM_DD format. Summarizes desired information. + + The primary key for the table is a composite of the "artist_id" and + "sideman_id" columns. + + The primary disadvantage of adding and populating the table is that + it will increase the size of the database. + + It's primary advantage is that it succinctly specifies the desired + sideman information in minimal database size and used disk space. + + (b) For albums, you want to store the name of the album producer, when the + album was released, and where the album was recorded. Design tables or + columns that can store this information, and explain the advantages and + disadvantages of your design. 
Choose the column types you need, + explaining the advantages and disadvantages of your choices. + + In order to store the name of the album producer, when the album was + released and where it was recorded, it is best to add that information + to the existing album table. + + This can be done by appending the following columns to the table: + + - producer_name CHAR(128) DEFAULT NULL + - release_date DATE DEFAULT 0 + - recorded_site CHAR(128) DEFAULT NULL + + or dropping and recreating the table with those columns: + + create table album ( + artist_id SMALLINT(5) NOT NULL DEFAULT 0, + album_id SMALLINT(4) NOT NULL DEFAULT 0, + album_name CHAR(128) DEFAULT NULL, + producer_name CHAR(128) DEFAULT NULL, + release_date DATE DEFAULT 0, + recorded_site CHAR(128) DEFAULT NULL, + PRIMARY KEY (artist_id,album_id) + ); + + The 128 byte producer_name column is large enough to contain the + "FirstName LastName" of the producer. + + The release date summarizes the albums release date in YYYY-MM-DD format, + which is what we want. + + The 128 byte recorded site (where the album was recorded) column is large + enough to contain the name of the studio or town/city where the album was + recorded. + + The primary disadvantage of adding these columns to the album table is + that it will increase the size of the database. + + But the inclusion of these columns commits data that may be valuable to + the end user. + +2. There are five types for storing temporal data: DATETIME, DATE, TIME, YEAR, + and TIMESTAMP. Explain what each is used for, and give an example of a + situation in which you would choose to use it. Note that + http://palominodb.com/blog/2011/05/23/datetime-vs-timestamp has some useful + information too. + + DATETIME - Stores and displays a date and time in the format "YYYY-MM-DD + HH:MM:SS" for the range 1000-01-01 00:00:00 to 9999-12-31 + 23:59:59. It can be input to a mysql table in multiple forms, + but is stored internally as YYYY-MM-DD HH:MM:SS. 
+ + Such a column in a mysql table row would be useful for tracking + the delivery of parcel or package. + + DATE - Stores and displays a date in the format YYYY-MM-DD for the range + 1000-01-01 to 9999-12-31. Dates must always be input as year, month, + and day triples, but the format of the input can vary. + + Such a column in a mysql table row would be useful for tracking the + date when a person was born and when they died. + + TIME - Stores a time in the format HHH:MM:SS for the range -838:59:59 to + 838:59:59. Times must always be input in the order days, hours, + minutes, and seconds, using the following formats: + + DD HH:MM:SS, HH:MM:SS, DD HH:MM, HH:MM, DD HH, or SS + + Such a column in a mysql table row would be useful for tracking the + time to complete a run. + + YEAR - Stores the year in two-digit or four-digit format. + + Such a column in a mysql table row would be useful for tracking the + year a car was manufactured. + + TIMESTAMP - Stores and displays a date and time pair in the format + "YYYY-MM-DD HH:MM:SS" for the range 1970-01-01 00:00:00 to + sometime in 2037. + + This column type is similar to DATETIME, but provides an auto- + update to the current date functionality, which is useful. + + Because of this auto-update functionality, this column type is + useful in any situation when you wish to record the time when + another element in the table row is added or updated. + + For example, when the status of a flight has changed. + +3. You’ve decided to use the AUTO_INCREMENT feature. List the three + requirements that must be met by the column you’re applying it to. + + The AUTO_INCREMENT feature has the following requirements: + + o The column it is used on must be indexed. + o The column that is it used on cannot have a DEFAULT value. + o There can be only one AUTO_INCREMENT column per table. 4. Why can only one column in a table have the AUTO_INCREMENT feature? 
+ MySQL’s proprietary AUTO_INCREMENT feature allows you to create a unique + identifier for a table row. + + Consequently, if a table had two (or more) table indexes with the + AUTO_INCREMENT feature, it may no longer have a unique value to identify + each row. + 5. Using the monitor, create a table with the following statement: -mysql> CREATE TABLE exercise (field1 INT(3)); -Using the ALTER TABLE statement, make field1 the primary key, carrying out any -additional steps you need to make this possible. Add a second column, field2, of -type CHAR(64) with a DEFAULT 5 clause. Create an index on a prefix of 10 characters -from field2. + + mysql> CREATE TABLE exercise (field1 INT(3)); + + Using the ALTER TABLE statement, make field1 the primary key, carrying out any + additional steps you need to make this possible. Add a second column, field2, of + type CHAR(64) with a DEFAULT 5 clause. Create an index on a prefix of 10 characters + from field2. + + ALTER TABLE exercise ADD PRIMARY KEY (field1); + ALTER TABLE exercise ADD field2 CHAR(64) DEFAULT 5; + ALTER TABLE exercise ADD INDEX (field2(10)); diff --git a/07AdvancedQuerying/exercises.txt b/07AdvancedQuerying/exercises.txt index 83fbce4..349eca4 100644 --- a/07AdvancedQuerying/exercises.txt +++ b/07AdvancedQuerying/exercises.txt 
@@ -8,18 +8,95 @@ For these exercises, use the "music" database. 1) Write a JOIN query that displays the name of each artist and the albums they've made. Alongside the album, display the number of tracks on the album. + SELECT artist_name,album_name,COUNT(*) FROM artist + INNER JOIN album USING (artist_id) + INNER JOIN track USING (artist_id, album_id) + GROUP BY album.artist_id,album.album_id; + 2) Repeat Question 1, but now display only those albums that have more than 10 tracks + SELECT artist_name,album_name,COUNT(*) FROM artist + INNER JOIN album USING (artist_id) + INNER JOIN track USING (artist_id, album_id) + GROUP BY album.artist_id,album.album_id + HAVING COUNT(*) > 10; + 3) Repeat Question 1, but write it as a nested query. + SELECT artist_name, album_name, COUNT(*) FROM + (SELECT artist_id, album_id, artist_name, album_name FROM artist + INNER JOIN album USING (artist_id) + INNER JOIN track USING (artist_id, album_id)) AS a + GROUP BY artist_id, album_id; + 4) What are the four types of nested queries? For each type, write a sample query on the music database. Try to use different keywords in each query, selecting from ANY, ALL, EXISTS (or NOT EXISTS) and IN (or NOT IN). + The four types are: + + 1. ANY (or SOME) + + o List all albums by any artist whose name begins with "The": + + SELECT album_name FROM album WHERE artist_id = ANY + (SELECT artist_id FROM artist WHERE artist_name LIKE "The%"); + + 2. ALL + + o List all albums by artists whose name does not begin with "The", + in alphabetical order: + + SELECT album_name FROM album WHERE artist_id != ALL + (SELECT artist_id FROM artist WHERE artist_name LIKE 'the%') + GROUP BY album_name; + + 3. EXISTS + + o If there is any data in the artist table, display the name of all + albums in alphabetical order: + + SELECT album_name FROM album WHERE EXISTS + (SELECT * FROM artist) GROUP BY album_name; + + 4. 
IN + + o List all albums by any artist whose name begins with "The": + + SELECT album_name FROM + artist INNER JOIN album USING (artist_id) WHERE artist_name IN + (SELECT artist_name FROM artist WHERE artist_name LIKE "The%") + GROUP BY album_name; + + 5) What is the difference between an INNER JOIN, a LEFT JOIN, and a RIGHT JOIN? Does the the order of tables matter in an INNER JOIN? Why or why not? + The syntax of an INNER JOIN is "table1 INNER JOIN table2". + + THe INNER JOIN combines the rows of the two tables together to form a new + table. The rows of the tables are joined only if the value of one (or + more) user-specified columns are the same in both tables. If the values + of the column(s) are not the same, the table rows are not combined and + added to the new table. + + Since the INNER JOIN joins the two tables based on the criteria of user + specified columns both existing and having the same value in both tables, + table1 and table2 can be exchanged without changing the behavior of the + join command. + + Unlike the INNER JOIN, both the LEFT JOIN and RIGHT JOIN do behave + differently if the order of the tables is reversed. + + In a LEFT JOIN, the syntax is "left LEFT JOIN right". Each row in the left + table is processed and displayed. If the corresponding data in the right + table is available, it is displayed. Otherwise, NULL is displayed. + + In a RIGHT JOIN, the syntax is "left RIGHT JOIN right". Each row in the + right table is processed and displayed. If the corresponding data in the + left table is available, it is displayed. Otherwise, NULL is displayed. + 6) Why do these queries give different results? What does this tell you about using join conditions in the ON clause versus in the WHERE clause for LEFT (and RIGHT) JOINs? 
@@ -37,3 +114,48 @@ LEFT JOIN played ON (track.album_id=played.album_id) WHERE track.track_id=played.track_id AND track.artist_id=3 GROUP BY track_name, track.album_id; + +The two queries differ in their results for two reasons: + +(1) Both use different criteria in the USING clause for left joining the track + and played tables +(2) Both use different criteria for selecing the results of the join using the + WHERE clause. + +The first query left joins the track and played tables, attempting to find +rows in the played table where the track_id and album_id values from the +track table match the values of the same columns in the rows of the played +table. + +For each (track_id, album_id) value pair in the track table, there are zero +or one rows in the played table. + +Based on the join criteria specified by the USING clause and the contents of +both tables, the resulting left joined table contains 153 rows, one for each +track described in the track table. + +Of these 153 rows, 13 contain a track.artist_id column equal to three. + +The second query left joins the track and played tables, attemting to find +rows in the played table where the album_id value from the track table matches +the value of the same column in the rows of the played table. + +For each album_id value in the track table, there are zero, one, or multiple +rows in the played table. + +Based on the join criteria specified by the USING clause and the contents of +both tables, the resulting left joined table contains 411 rows, one (or more) +for each track described in the track table. + +Of these 411 rows, 3 contain identical track.track_id and played.track_id +values as well as a track.artist_id value equal to three. + +So, what does this tell us? + +Both left and right joins should specify their join criteria using either the +ON or USING clauses. + +The WHERE clause is designed to select the results of an expression, such as +a left join based on specified criteria. 
The WHERE clause can be used instead +of an left (or right) join and to suppelment a join, but it can't be used to +specify the criteria to perform a join. diff --git a/08DoingMore/exercises.txt b/08DoingMore/exercises.txt index 17d26c9..839e92c 100644 --- a/08DoingMore/exercises.txt +++ b/08DoingMore/exercises.txt @@ -4,9 +4,40 @@ Exercises for Chapter 8 which has its values separated by tabs, into the details table. Hint: the tab character is shown with the \t escape sequence. + LOAD DATA INFILE 'academics.tsv' INTO + TABLE details FIELDS TERMINATED BY '\t'; + 2) When would you need to insert data using a query? -3) What’s the difference between REPLACE and INSERT IGNORE? + You would need to insert data using a query, when you're creating or + updating a table in the current (or another database) based on the + data in another table. + + For example, I can use a such a combination to create a new database table + (named 'myalbums'), which contains the names of the albums I own, and the + artists that released them, using two MySQL commands: + + CREATE TABLE myalbums ( + artist_id SMALLINT(5) NOT NULL DEFAULT 0, + album_id SMALLINT(5) NOT NULL DEFAULT 0, + artist_name CHAR(128) DEFAULT NULL, + album_name CHAR(128) DEFAULT NULL, + PRIMARY KEY (artist_id, album_id) + ); + + INSERT INTO myalbums (artist_id, album_id, artist_name, album_name) + SELECT artist_id, album_id, artist_name, album_name FROM artist + INNER JOIN album USING (artist_id) GROUP BY artist_id;s + +3) What's the difference between REPLACE and INSERT IGNORE? + + If you try to insert a row of data with a duplcate primary key into a + table, REPLACE deletes tne existing row and replaces it with a new one. + + If you try to insert a row of data with a duplcate primary key into a + table, INSERT IGNORE will silently refuse to do so, and retain the old + table row. + 4) What can you tell from this output produced by the EXPLAIN command? 
@@ -26,6 +57,48 @@ which has its values separated by tabs, into the details table. ... +---------+-------+------+------------------------------------+ 3 rows in set (0.00 sec) + The three rows indicate that three tables are being combined using a SQL + join: + + o supervisor table + o student table + o supervises table + + The 'supervisor' table has a four-byte primary key, likely a supervisor_id + integer field, which is being compared against a numeric constant. For + example: + + select supervisor_id from supervisor where supervisor_id = 0; + + The 'student' table has 95 rows, but it's not clear if it has a primary key. + + The 'supervises' table has 570 rows and a twelve-byte primary key. Based on + the size of the primary key, it's likely three four-byte integer combined, + possibly a supervisor_id, student_id and course_id. + + The number of rows in the 'supervises' table is evenly divisible by the + number of rows in the 'student' table: 570/95 = 6. + + This suggests that there are 6 supervisors, one for each of the 6 courses + each student has registered in. + + It's not clear how the 'student' and 'supervises' table are nbeing joined. + + Based on the lack of a reference type in the 'ref' column and the large + number of rows in the 'rows' column, the tables are being joined without + using their primary index. + + The 'Using where' phrase in the 'Extra' column of the last row indicate that + two of the tables were INNER JOINed using the ON keyword: + + select COLUMN(S) from supervisor INNER JOIN supervises ON (supervisor_id) + + or the results of joined tables are filtered using the WHERE keyword. + + The 'Distinct' keyword in the 'Extra' column of the last row indicates that + the 'DISTINCT' keyword is used to remove any duplicates from + the output of a SELECT statement. + 5) What can you tell from this output produced by the EXPLAIN command? +-----+--------------+------------+--------+---------------+---------+---------+... 
@@ -57,4 +130,23 @@ which has its values separated by tabs, into the details table. ...+-----------------------------+ 5 rows in set (0.01 sec) +Combine the played and track tables (from the music database) based on their +common fields: + +o artist_id +o album_id +o track_id + +then use separate SELECT statements to alphabetically determine the first three +and last three track names. + +Lastly, combine the results of both SELECTs using the UNION keyword. + +EXPLAIN (SELECT track_name, time FROM played + INNER JOIN track USING (artist_id, album_id, track_id) + ORDER BY track_name ASC LIMIT 3) + UNION + (SELECT track_name, time FROM played + INNER JOIN track USING (artist_id, album_id, track_id) + ORDER BY track_name DESC LIMIT 3); diff --git a/09Privileges/exercises.txt b/09Privileges/exercises.txt index 8602003..c3dd14e 100644 --- a/09Privileges/exercises.txt +++ b/09Privileges/exercises.txt 
@@ -1,16 +1,38 @@ Exercises for chapter 9 -1) What’s the difference between a local and a remote user? +1) What's the difference between a local and a remote user? + A local user connects to the mysql server on the local host using a + hostname of "localhost", the hostname of the host, the IP address + 127.0.0.1 or the IP address of the host. + + A remote user connects to the mysql server from any host other than the + host whwre the mysql server is running. + 2) When would you grant only read access to a user? -3) Write a GRANT statement to create a user, rowena, who has privileges to execute -SELECT, UPDATE, and INSERT statements on the contacts and appointment databases. -The user should be allowed to access the server from machines in the domain invyhome.com. + You should grant only read access to a user when they have no requirement + modify the databases hosted by the mysql server + +3) Write a GRANT statement to create a user, rowena, who has privileges to + execute SELECT, UPDATE, and INSERT statements on the contacts and + appointment databases. + + The user should be allowed to access the server from machines in the domain + invyhome.com. + + GRANT SELECT,UPDATE,INSERT ON contacts.* + TO 'rowena'@'%.invyhome.com'; + GRANT SELECT,UPDATE,INSERT ON appointment.* + TO 'rowena'@'%.invyhome.com'; -4) Write a GRANT statement that modifies the privileges of the user rowena created in -Question 3. Add privileges to SELECT from the customer table in the sales database, and to -SELECT the debtor column from the invoice table in the accounts database. +4) Write a GRANT statement that modifies the privileges of the user rowena + created in Question 3. Add privileges to SELECT from the customer table in + the sales database, and to SELECT the debtor column from the invoice table + in the accounts database. 
+ + GRANT SELECT ON sales.customer TO 'rowena'@'%.invyhome.com'; + GRANT SELECT (debtor) ON accounts.invoice TO 'rowena'@'%.invyhome.com'; 5) Three GRANT statements have been issued on your MySQL server: 
@@ -18,23 +40,76 @@ SELECT the debtor column from the invoice table in the accounts database. GRANT SELECT, UPDATE, INSERT, DELETE ON *.* TO 'hugh'@'%invyhome.com'; GRANT SELECT ON *.* TO ''@'localhost'; - For each of the following attempts to connect to the server, state whether the connection is allowed and, if so, which user the client is connected as. Assume all connections are attempted from localhost: + For each of the following attempts to connect to the server, state whether + the connection is allowed and, if so, which user the client is connected + as. Assume all connections are attempted from localhost: a) mysql --user=hugh --host=localhost + If the fully-qualified name of "localhost" is hugh.invyhome.com, the + user hugh will match the first GRANT statement and login as + "hugh@localhost". + + Otherwise, the user "hugh" will match the third entry and login as the + anonymous user ''@localhost. + b) mysql --user=fred + The user "fred" will match the third entry and login as the anonymous + user ''@localhost. + c) mysql -6) You’ve been employed to evaluate the security of a MySQL installation. Assuming that you’re -already satisfied with the security configuration from the physical and operating system -perspective, list four things that you’d check about the MySQL server. For each item, explain -why you would check it and what you would expect the outcome to be. + The mysql monitor will match the third entry and login as the anonymous + user ''@localhost. + +6) You've been employed to evaluate the security of a MySQL installation. + Assuming that you're already satisfied with the security configuration from + the physical and operating system perspective, list four things that you'd + check about the MySQL server. For each item, explain why you would check it + and what you would expect the outcome to be. + + The four things I would do is: + + (1) Ensure that the mysql root user has a secure password. 
In an out of the + box system, the mysql root password is blank. Since the root user has + read/write access to all databases, can create and remove users, can + grant and revoke access, it is vital that a secure password be assigned + the the account. + + (2) Ensure a minimal number of mysql accounts for those applications or + users have proven that they require access. For those accounts that + are created, only assign the minimum access rights that they require. + For example, if a user requires only read access to a database, + specific tables within a database or specific columns within specific + database tables, there is no need to grant write access such as the + ability to insert or delete records from a database. + + Minimizing both the number of mysql accounts that can access the + databases and the access rights of those accounts lowers the chances + of an accidental or malicious issue with the server and its data. + + (3) Remove remnte access. Where possible, decrease the number of hosts that + are allowed to connect to the mysql server. Ideally, connections should + only be allowed from users on the local host. + + Removing remote access to the mysql server removes the chances tbat the + mysql server will be attacked and compromised by a remote client. + + (4) Remove anonymous access. If the mysql server has an anonymous user + account, any user can login without specifying a username. This + decreases the security of the server, which is bad. -7) You’ve recently installed a wireless access point for visitors to your office and configured -it so that machines that connect through it have IP addresses in the range 192.168.1.1 to -192.168.1.254. You’ve decided you want users who connect to your MySQL server from those IP -addresses to have only the SELECT privilege on the contacts database. What steps do you take -in your MySQL privilege tables to set this up? + In order to improve the security of the server, remove any anonymous + user accounts. 
+7) You've recently installed a wireless access point for visitors to your + office and configured it so that machines that connect through it have IP + addresses in the range 192.168.1.1 to 192.168.1.254. You've decided you want + users who connect to your MySQL server from those IP addresses to have only + the SELECT privilege on the contacts database. What steps do you take in + your MySQL privilege tables to set this up? + INSERT INTO host VALUES ('192.168.1.%','contacts', + 'Y','N','N','N','N','N','N','N','N','N','N','N'); + FLUSH PRIVILEGES;
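Review bot: In 04ModelDesign/Homework.txt, the Q1 answer has the typo "folowing" and the Q4 requirement "store the title the studio name, and the price" is missing a comma after "title". The Q3 and Q4 answers point only at binary .dia files, so a short text summary of the entities and relationships beside each reference would make those answers reviewable in the diff.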
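Review bot: In 05BasicSQL/homework.txt, the answer to 1) uses the subquery as a bare boolean, `WHERE (SELECT artist_id FROM music.artist WHERE artist_name = "New Order") AND album_name = "Brotherhood"`, so the result is never compared with the album's artist_id and the artist filter is not applied. Write `WHERE artist_id = (SELECT artist_id ...)` instead. In 3) the hard-coded 7 assumes the result of the preceding `SELECT 1+MAX(artist_id)`, and there is no INSERT INTO music.album for "Leftism" although the track rows reference album_id 0. In 6) the DELETE FROM music.played subquery reads from an unqualified `track` and matches on track_name alone, so add the artist_id = 7 and album_id = 0 conditions there as well.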
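Review bot: In 06DBStructures/homework.txt 1(a), `stopped_working DATE NOT NULL DEFAULT 0` cannot represent a sideman who is still working with the artist, which the question allows for ("if they have done so"). Make the column nullable with DEFAULT NULL rather than storing a zero date. In 1(b), the "dropping and recreating the table" alternative discards the existing album rows, so the answer should say so or keep only the add-columns option. Also fix "suffient", "YYYY-MM_DD" and "It's primary advantage".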
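Review bot: In the first hunk of 07AdvancedQuerying/exercises.txt, the ALL and EXISTS samples under 4) promise results "in alphabetical order" but end in `GROUP BY album_name`, which collapses duplicate names and states no ordering. Use `ORDER BY album_name`, with DISTINCT if deduplication is intended, and do the same for the IN sample. The EXISTS sample's subquery `(SELECT * FROM artist)` does not refer to the outer row, so a correlated subquery would show the keyword better. In 5), fix "THe".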
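Review bot: In the second hunk of 07AdvancedQuerying/exercises.txt (the answer to 6), the explanation says both queries set their join criteria in "the USING clause", but the query visible just above it joins with `LEFT JOIN played ON (track.album_id=played.album_id)`; name the clause each query actually uses. The answer also never states the point the question asks for: the `track.track_id=played.track_id` test in WHERE is applied after the join and discards the NULL-filled rows that a LEFT JOIN keeps. The closing sentence contradicts itself ("can be used instead of an left (or right) join" against "can't be used to specify the criteria to perform a join"); reword it and fix "selecing", "attemting" and "suppelment".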
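Review bot: In the first hunk of 08DoingMore/exercises.txt, the INSERT ... SELECT under 2) ends with a stray character, `GROUP BY artist_id;s`, and grouping on artist_id alone returns one row per artist, so myalbums will not hold every album as the text describes. Remove the `s` and drop the GROUP BY, or group on artist_id, album_id. In the same answer "a such a combination" needs rewording, and in 3) fix "duplcate" (twice) and "tne".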
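Review bot: In the answer to 4) in 08DoingMore/exercises.txt, the sample join `INNER JOIN supervises ON (supervisor_id)` is not a join condition; a column list belongs in `USING (supervisor_id)`, or ON needs a comparison between columns of the two tables. The paragraphs that infer a course_id column and "6 supervisors, one for each of the 6 courses" from 570/95 go beyond what the EXPLAIN output shows and should be worded as a guess. Also fix "nbeing" and "three four-byte integer combined".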
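Review bot: In the first hunk of 09Privileges/exercises.txt, neither GRANT under 3) carries an IDENTIFIED BY clause, so on servers where GRANT creates the account, rowena is created with an empty password and can connect from every host matching '%.invyhome.com'. Add IDENTIFIED BY with a password to the first GRANT for that account. In 1) fix "whwre", and in 2) the sentence "no requirement modify the databases hosted by the mysql server" is missing "to" and its closing period.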
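Review bot: In the second hunk of 09Privileges/exercises.txt, the answer to 7) writes `INSERT INTO host VALUES ('192.168.1.%','contacts', 'Y','N',...)` without the mysql database name and relies on column position for twelve privilege flags; qualify the table as mysql.host and list the columns explicitly. The server consults the host table only for db-table rows whose Host is blank, so the answer also needs the matching db row, and a user row the visitors can connect as, before this entry has any effect. In 6) fix "remnte", "tbat", "the the account" and "The four things I would do is".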