How to use Go language to audit data permissions of MySQL database
With the continuous development of the Internet, the use of databases is becoming more and more widespread. In enterprises, the management of data permissions has also become an issue that cannot be ignored. Therefore, how to review and manage data permissions has become a problem that enterprises must face. This article will introduce how to use Go language to audit data permissions of MySQL database.
1. Introduction to MySQL database permissions
In the MySQL database, user permissions can be divided into four types: Global (global), Database (database), Table (data table) and Column ( column), respectively representing access rights to the entire MySQL server, a certain database, a certain data table and a certain column.
Global permissions are the highest permissions, granting users permission to operate on the entire MySQL server; Database permissions indicate that users can operate on a certain database; Table permissions indicate that users can operate on a certain data table Permission to operate on a certain column; Column permission only allows operations on a certain column.
2. Connection between Go language and MySQL database
Using Go language to operate MySQL database requires the use of third-party libraries provided by Go language, such as go-sql-driver/mysql. The installation method is as follows:
go get -u github.com/go-sql-driver/mysql
Then, you need to use the following code to connect to the MySQL database in Go language:
import(
"database/sql"
_ "github.com/go-sql-driver/mysql"
)
func main(){
db, err := sql.Open("mysql", "root:password@tcp(127.0.0.1:3306)/mydb")
if err != nil {
log.Fatal(err.Error())
}
defer db.Close()
}Among them, the first parameter "mysql" means using the MySQL database, and the second parameter In "root:password@tcp(127.0.0.1:3306)/mydb", root represents the user name, password represents the password, 127.0.0.1 represents the IP address of the database, 3306 represents the port number of the MySQL database, and mydb represents the name of the database to be connected. . Next, use the defer statement to close the database connection.
3. Go language to implement MySQL database permission audit
- Query user permissions
Use the following SQL statement to query the permissions owned by the user:
SELECT * FROM mysql.user WHERE User = 'username' AND Host = 'host';
Among them, username represents the user name to be queried, and host represents the host address.
The code for querying user permissions in Go language is as follows:
func checkUserPermission(db *sql.DB, username string, host string) bool {
query := fmt.Sprintf("SELECT * FROM mysql.user WHERE User = '%s' AND Host = '%s'", username, host)
rows, err := db.Query(query)
if err != nil {
log.Fatal(err.Error)
}
defer rows.Close()
var user string
for rows.Next() {
err := rows.Scan(&user)
if err != nil {
log.Fatal(err.Error)
}
return true
}
return false
}Among them, db represents the MySQL database to be connected, username represents the user name to be queried, and host represents the host address.
First, use the fmt.Sprintf() method to construct the SQL statement. Then, use the db.Query() method to query the database and use the rows.Close() method to close the result set.
Next, in the loop, use the rows.Scan() method to scan each row of the result set. If the user's record is found, true is returned; otherwise, false is returned.
- Query database permissions
Use the following SQL statement to query the database permissions owned by the user:
SHOW GRANTS FOR 'username'@'host';
Query database permissions in Go language The code is as follows:
func checkDatabasePermission(db *sql.DB, username string, host string, database string) bool {
query := fmt.Sprintf("SHOW GRANTS FOR '%s'@'%s'", username, host)
rows, err := db.Query(query)
if err != nil {
log.Fatal(err.Error)
}
defer rows.Close()
for rows.Next() {
var grants string
err := rows.Scan(&grants)
if err != nil {
log.Fatal(err.Error)
}
if strings.Contains(grants, fmt.Sprintf("`%s`.*", database)) {
return true
}
}
return false
}Among them, db represents the MySQL database to be connected, username represents the user name to be queried, host represents the host address, and database represents the name of the database to be queried.
First, use the fmt.Sprintf() method to construct the SQL statement. Then, use the db.Query() method to query the database and use the rows.Close() method to close the result set.
Next, in the loop, use the rows.Scan() method to scan each row of the result set. If the found result contains the name of the database to be queried, true is returned; otherwise, false is returned.
- Query data table permissions
Use the following SQL statement to query the data table permissions owned by the user:
SHOW GRANTS FOR 'username'@'host' ON `database`.`table`;
Query data in Go language The code for table permissions is as follows:
func checkTablePermission(db *sql.DB, username string, host string, database string, table string) bool {
query := fmt.Sprintf("SHOW GRANTS FOR '%s'@'%s' ON `%s`.`%s`", username, host, database, table)
rows, err := db.Query(query)
if err != nil {
log.Fatal(err.Error)
}
defer rows.Close()
for rows.Next() {
var grants string
err := rows.Scan(&grants)
if err != nil {
log.Fatal(err.Error)
}
if strings.Contains(grants, "ALL PRIVILEGES") || strings.Contains(grants, "SELECT") {
return true
}
}
return false
}Among them, db represents the MySQL database to be connected, username represents the user name to be queried, host represents the host address, database represents the name of the database to be queried, and table represents the data to be queried. Table name.
First, use the fmt.Sprintf() method to construct the SQL statement. Then, use the db.Query() method to query the database and use the rows.Close() method to close the result set.
Next, in the loop, use the rows.Scan() method to scan each row of the result set. If the found result contains ALL PRIVILEGES or SELECT, return true; otherwise, return false.
4. Summary
This article introduces how to use Go language to conduct data permission audit of MySQL database. By writing relevant SQL query statements and using the third-party library provided by the Go language to connect to the MySQL database, the review and management of user permissions, database permissions, and data table permissions are realized. Using Go language to review data permissions on MySQL databases is convenient and efficient, and can help enterprises better manage and review database permissions.
The above is the detailed content of How to use Go language to audit data permissions of MySQL database. For more information, please follow other related articles on the PHP Chinese website!
Adding Users to MySQL: The Complete TutorialMay 12, 2025 am 12:14 AMMastering the method of adding MySQL users is crucial for database administrators and developers because it ensures the security and access control of the database. 1) Create a new user using the CREATEUSER command, 2) Assign permissions through the GRANT command, 3) Use FLUSHPRIVILEGES to ensure permissions take effect, 4) Regularly audit and clean user accounts to maintain performance and security.
Mastering MySQL String Data Types: VARCHAR vs. TEXT vs. CHARMay 12, 2025 am 12:12 AMChooseCHARforfixed-lengthdata,VARCHARforvariable-lengthdata,andTEXTforlargetextfields.1)CHARisefficientforconsistent-lengthdatalikecodes.2)VARCHARsuitsvariable-lengthdatalikenames,balancingflexibilityandperformance.3)TEXTisidealforlargetextslikeartic
MySQL: String Data Types and Indexing: Best PracticesMay 12, 2025 am 12:11 AMBest practices for handling string data types and indexes in MySQL include: 1) Selecting the appropriate string type, such as CHAR for fixed length, VARCHAR for variable length, and TEXT for large text; 2) Be cautious in indexing, avoid over-indexing, and create indexes for common queries; 3) Use prefix indexes and full-text indexes to optimize long string searches; 4) Regularly monitor and optimize indexes to keep indexes small and efficient. Through these methods, we can balance read and write performance and improve database efficiency.
MySQL: How to Add a User RemotelyMay 12, 2025 am 12:10 AMToaddauserremotelytoMySQL,followthesesteps:1)ConnecttoMySQLasroot,2)Createanewuserwithremoteaccess,3)Grantnecessaryprivileges,and4)Flushprivileges.BecautiousofsecurityrisksbylimitingprivilegesandaccesstospecificIPs,ensuringstrongpasswords,andmonitori
The Ultimate Guide to MySQL String Data Types: Efficient Data StorageMay 12, 2025 am 12:05 AMTostorestringsefficientlyinMySQL,choosetherightdatatypebasedonyourneeds:1)UseCHARforfixed-lengthstringslikecountrycodes.2)UseVARCHARforvariable-lengthstringslikenames.3)UseTEXTforlong-formtextcontent.4)UseBLOBforbinarydatalikeimages.Considerstorageov
MySQL BLOB vs. TEXT: Choosing the Right Data Type for Large ObjectsMay 11, 2025 am 12:13 AMWhen selecting MySQL's BLOB and TEXT data types, BLOB is suitable for storing binary data, and TEXT is suitable for storing text data. 1) BLOB is suitable for binary data such as pictures and audio, 2) TEXT is suitable for text data such as articles and comments. When choosing, data properties and performance optimization must be considered.
MySQL: Should I use root user for my product?May 11, 2025 am 12:11 AMNo,youshouldnotusetherootuserinMySQLforyourproduct.Instead,createspecificuserswithlimitedprivilegestoenhancesecurityandperformance:1)Createanewuserwithastrongpassword,2)Grantonlynecessarypermissionstothisuser,3)Regularlyreviewandupdateuserpermissions
MySQL String Data Types Explained: Choosing the Right Type for Your DataMay 11, 2025 am 12:10 AMMySQLstringdatatypesshouldbechosenbasedondatacharacteristicsandusecases:1)UseCHARforfixed-lengthstringslikecountrycodes.2)UseVARCHARforvariable-lengthstringslikenames.3)UseBINARYorVARBINARYforbinarydatalikecryptographickeys.4)UseBLOBorTEXTforlargeuns
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
SublimeText3 Linux new version
SublimeText3 Linux latest version
