Max Queries Per Hour, Max Updates Per Hour and Max Connections Per Hour
These options limit the number of queries, updates, and logins a user can perform during any given one-hour period.
If they are set as 0 (the default), this means that there is no limitation for that user.
Max User Connection
This option limits the maximum number of simultaneous connections that the account can make.
If it is set as 0 (the default), the max_user_connections system variable determines the number
of simultaneous connections for the account.
Use OLD_PASSWORD encryption
The password hashing mechanism was updated in MySQL 4.1 to provide better security and to reduce the risk of passwords
being intercepted. However, this new mechanism is understood only by MySQL 4.1 (and newer) servers and clients,
which can result in some compatibility problems. A 4.1 or newer client can connect to a pre-4.1 server, because the
client understands both the old and new password hashing mechanisms. However, a pre-4.1 client that attempts to
connect to a 4.1 or newer server may run into difficulties.
Enable this option if you wish to maintain backward compatibility with pre-4.1 clients under circumstances where the server would otherwise generate long password hashes. The option does not affect authentication (4.1 and later clients can still use accounts that have long password hashes), but it does prevent creation of a long password hash in the user table as the result of a password-changing operation.
SSL
MySQL can check X509 certificate attributes in addition to the usual authentication that is based on the username and password. To specify SSL-related options for a MySQL account, use the REQUIRE clause of the GRANT statement.
ANY
This option tells the server to allow only SSL-encrypted connections for the account.Example:GRANT ALL PRIVILEGES ON test.* TO 'root'@'localhost'
IDENTIFIED BY 'goodsecret' REQUIRE SSL;X509
This means that the client must have a valid certificate but that the exact certificate, issuer, and subject do not matter. The only requirement is that it should be possible to verify its signature with one of the CA certificates.Example:GRANT ALL PRIVILEGES ON test.* TO 'root'@'localhost'
IDENTIFIED BY 'goodsecret' REQUIRE SSL;SPECIFIED
Example:GRANT ALL PRIVILEGES ON test.* TO 'root'@'localhost'
IDENTIFIED BY 'goodsecret'
REQUIRE SUBJECT '/C=EE/ST=Some-State/L=Tallinn/
O=MySQL demo client certificate/
CN=Tonu Samuel/Email=tonu@example.com'
AND ISSUER '/C=FI/ST=Some-State/L=Helsinki/
O=MySQL Finland AB/CN=Tonu Samuel/Email=tonu@example.com'
AND CIPHER 'EDH-RSA-DES-CBC3-SHA';Issuer
This places the restriction on connection attempts that the client must present a valid X509 certificate issued by CA issuer. If the client presents a certificate that is valid but has a different issuer, the server rejects the connection. Use of X509 certificates always implies encryption, so the SSL option is unnecessary in this case.Subject
This places the restriction on connection attempts that the client must present a valid X509 certificate containing the subject subject. If the client presents a certificate that is valid but has a different subject, the server rejects the connection.Cipher
This is needed to ensure that ciphers and key lengths of sufficient strength are used. SSL itself can be weak if old algorithms using short encryption keys are used. Using this option, you can ask that a specific cipher method is used to allow a connection.