List: Commits
From: paul Date: January 28 2006 5:52am
Subject: svn commit - mysqldoc@docsrva: r1074 - in trunk: . refman-4.1 refman-5.0 refman-5.1
Author: paul
Date: 2006-01-28 06:52:53 +0100 (Sat, 28 Jan 2006)
New Revision: 1074

Log:
 r6798@frost:  paul | 2006-01-27 19:32:00 -0600
 General revisions.


Modified:
   trunk/
   trunk/refman-4.1/database-administration.xml
   trunk/refman-5.0/database-administration.xml
   trunk/refman-5.1/database-administration.xml


Property changes on: trunk
___________________________________________________________________
Name: svk:merge
   - b5ec3a16-e900-0410-9ad2-d183a3acac99:/mysqldoc-local/mysqldoc/trunk:6796
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/mysqldoc/trunk:2588
   + b5ec3a16-e900-0410-9ad2-d183a3acac99:/mysqldoc-local/mysqldoc/trunk:6798
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/mysqldoc/trunk:2588

Modified: trunk/refman-4.1/database-administration.xml
===================================================================
--- trunk/refman-4.1/database-administration.xml	2006-01-28 00:43:31 UTC (rev 1073)
+++ trunk/refman-4.1/database-administration.xml	2006-01-28 05:52:53 UTC (rev 1074)
@@ -1436,11 +1436,11 @@
             </para>
 
             <para>
-              If this is enabled, a user can't create new users by using
-              the <literal>GRANT</literal> statement, if the user
-              doesn't have the <literal>INSERT</literal> privilege for
-              the <literal>mysql.user</literal> table or any column in
-              the table.
+              If this option is enabled, a user cannot create new MySQL
+              users by using the <literal>GRANT</literal> statement, if
+              the user doesn't have the <literal>INSERT</literal>
+              privilege for the <literal>mysql.user</literal> table or
+              any column in the table.
             </para>
           </listitem>
 
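Review bot: The reworded sentence keeps the double condition "cannot create new MySQL users ... if the user doesn't have", and mixes "cannot" with the contraction "doesn't". The description of the same option later in this file is reworded in this commit as "cannot create new MySQL users ... unless the user has the INSERT privilege", which is easier to read. Suggest using the "unless the user has" form here as well. The two descriptions should also agree on whether "or any column in the table" belongs in the condition, since only this one mentions it.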
@@ -6568,7 +6568,7 @@
 
             <para>
               The number of physical reads of a key block from disk. If
-              <literal>Key_reads</literal> is big, then your
+              <literal>Key_reads</literal> is large, then your
               <literal>key_buffer_size</literal> value is probably too
               small. The cache miss rate can be calculated as
               <literal>Key_reads</literal>/<literal>Key_read_requests</literal>.
@@ -6678,7 +6678,7 @@
             </para>
 
             <para>
-              The number of free memory blocks in query cache.
+              The number of free memory blocks in the query cache.
             </para>
           </listitem>
 
@@ -6688,7 +6688,7 @@
             </para>
 
             <para>
-              The amount of free memory for query cache.
+              The amount of free memory for the query cache.
             </para>
           </listitem>
 
@@ -6698,7 +6698,7 @@
             </para>
 
             <para>
-              The number of cache hits.
+              The number of query cache hits.
             </para>
           </listitem>
 
@@ -6708,7 +6708,7 @@
             </para>
 
             <para>
-              The number of queries added to the cache.
+              The number of queries added to the query cache.
             </para>
           </listitem>
 
@@ -6718,8 +6718,8 @@
             </para>
 
             <para>
-              The number of queries that were deleted from the cache
-              because of low memory.
+              The number of queries that were deleted from the query
+              cache because of low memory.
             </para>
           </listitem>
 
@@ -6741,7 +6741,7 @@
             </para>
 
             <para>
-              The number of queries registered in the cache.
+              The number of queries registered in the query cache.
             </para>
           </listitem>
 
@@ -6761,7 +6761,7 @@
             </para>
 
             <para>
-              The number of statements that have been sent to the
+              The number of statements that clients have sent to the
               server.
             </para>
           </listitem>
@@ -6807,8 +6807,8 @@
 
             <para>
               The number of joins that used ranges on the first table.
-              (it is normally not critical even if this is big.) This
-              variable was added in MySQL 3.23.25.
+              This is normally not critical issue even if the value is
+              quite large. This variable was added in MySQL 3.23.25.
             </para>
           </listitem>
 
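Review bot: The added line "This is normally not critical issue even if the value is" is missing an article; it should read "not a critical issue". The matching hunk in refman-5.0 in this same commit already has "This is normally not a critical issue", so the two versions should be brought in line.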
@@ -6843,8 +6843,9 @@
             </para>
 
             <para>
-              The number of temporary tables currently open by the slave
-              SQL thread. This variable was added in MySQL 3.23.29.
+              The number of temporary tables that the slave SQL thread
+              currently has open. This variable was added in MySQL
+              3.23.29.
             </para>
           </listitem>
 
@@ -6902,10 +6903,11 @@
             </para>
 
             <para>
-              The number of merge passes the sort algorithm has had to
-              do. If this value is large, you should consider increasing
-              the value of the <literal>sort_buffer_size</literal>
-              system variable. This variable was added in MySQL 3.23.28.
+              The number of merge passes that the sort algorithm has had
+              to do. If this value is large, you should consider
+              increasing the value of the
+              <literal>sort_buffer_size</literal> system variable. This
+              variable was added in MySQL 3.23.28.
             </para>
           </listitem>
 
@@ -6976,7 +6978,7 @@
             <para>
               The number of times that a table lock could not be
               acquired immediately and a wait was needed. If this is
-              high, and you have performance problems, you should first
+              high and you have performance problems, you should first
               optimize your queries, and then either split your table or
               tables or use replication. This variable was added in
               MySQL 3.23.33.
@@ -9536,7 +9538,7 @@
       <para>
         MySQL uses security based on Access Control Lists (ACLs) for all
         connections, queries, and other operations that users can
-        attempt to perform. There is also some support for SSL-encrypted
+        attempt to perform. There is also support for SSL-encrypted
         connections between MySQL clients and servers. Many of the
         concepts discussed here are not specific to MySQL at all; the
         same general ideas apply to almost all applications.
@@ -9581,20 +9583,19 @@
               <para>
                 Try <literal>mysql -u root</literal>. If you are able to
                 connect successfully to the server without being asked
-                for a password, then <emphasis>anyone</emphasis> can
-                connect to your MySQL server as the MySQL
-                <literal>root</literal> user with full privileges.
-                Review the MySQL installation instructions, paying
-                particular attention to the information about setting a
-                <literal>root</literal> password. See
+                for a password, anyone can connect to your MySQL server
+                as the MySQL <literal>root</literal> user with full
+                privileges! Review the MySQL installation instructions,
+                paying particular attention to the information about
+                setting a <literal>root</literal> password. See
                 <xref linkend="default-privileges"/>.
               </para>
             </listitem>
 
             <listitem>
               <para>
-                Use the <literal>SHOW GRANTS</literal> statement to see
-                who has access to what. Then use the
+                Use the <literal>SHOW GRANTS</literal> statement to
+                check which accounts have access to what. Then use the
                 <literal>REVOKE</literal> statement to remove those
                 privileges that are not necessary.
               </para>
@@ -9609,22 +9610,23 @@
             your computer becomes compromised, the intruder can take the
             full list of passwords and use them. Instead, use
             <literal>MD5()</literal>, <literal>SHA1()</literal>, or some
-            other one-way hashing function.
+            other one-way hashing function and store the hash value.
           </para>
         </listitem>
 
         <listitem>
           <para>
-            Do not choose passwords from dictionaries. There are special
-            programs to break them. Even passwords like
+            Do not choose passwords from dictionaries. Special programs
+            exist to break passwords. Even passwords like
             <quote>xfish98</quote> are very bad. Much better is
             <quote>duag98</quote> which contains the same word
             <quote>fish</quote> but typed one key to the left on a
-            standard QWERTY keyboard. Another method is to use the first
-            characters of each word in a sentence. For example,
-            <quote>Mhall</quote> is taken from <quote>Mary had a little
-            lamb.</quote> This is easy to remember and type, but
-            difficult to guess for someone who does not know it.
+            standard QWERTY keyboard. Another method is to use a
+            password that is taken from the first characters of each
+            word in a sentence (for example, <quote>Mary had a little
+            lamb</quote> results in a password of <quote>Mhall</quote>).
+            The password is easy to remember and type, but difficult to
+            guess for someone who does not know the sentence.
           </para>
         </listitem>
 
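Review bot: In the first changed line, "and store the hash value" still recommends a bare MD5() or SHA1() of the password with no mention of a salt. Since the sentence is being touched anyway, consider saying that the stored value should include a per-user salt, because otherwise identical passwords produce identical stored hashes. Separately, the reworded example ends on the five-character password "Mhall" directly after the advice about guessable passwords; a longer sentence would make a better model.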
@@ -9649,12 +9651,13 @@
                 untrusted hosts. Another simple way to check whether or
                 not your MySQL port is open is to try the following
                 command from some remote machine, where
-                <literal>server_host</literal> is the host on which your
-                MySQL server runs:
+                <replaceable>server_host</replaceable> is the hostname
+                or IP number of the host on which your MySQL server
+                runs:
               </para>
 
 <programlisting>
-shell&gt; <userinput>telnet server_host 3306</userinput>
+shell&gt; <userinput>telnet <replaceable>server_host</replaceable> 3306</userinput>
 </programlisting>
 
               <para>
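Review bot: In the added text "the hostname or IP number of the host", "IP number" should be "IP address", which is the usual term and the one readers will search for. The switch to replaceable markup for server_host in both the paragraph and the telnet line is consistent and needs no change.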
@@ -9662,8 +9665,8 @@
                 port is open, and should be closed on your firewall or
                 router, unless you really have a good reason to keep it
                 open. If <command>telnet</command> hangs or the
-                connection is refused, this is good; this means that the
-                port is blocked.
+                connection is refused, the port is blocked, which is how
+                you want it to be.
               </para>
             </listitem>
 
@@ -9677,7 +9680,7 @@
             escaped character sequences in Web forms, URLs, or whatever
             application you have built. Be sure that your application
             remains secure if a user enters something like
-            <quote><literal>; DROP DATABASE mysql;</literal>.</quote>
+            <quote><literal>; DROP DATABASE mysql;</literal></quote>.
             This is an extreme example, but large security leaks and
             data loss might occur as a result of hackers using similar
             techniques, if you do not prepare for them.
@@ -9820,6 +9823,12 @@
 
             <listitem>
               <para>
+                Ruby DBI: Use placeholders.
+              </para>
+            </listitem>
+
+            <listitem>
+              <para>
                 Java JDBC: Use a <literal>PreparedStatement</literal>
                 object and placeholders.
               </para>
@@ -9840,8 +9849,9 @@
             and ability to intercept it and use it for their own
             purposes. Instead, use an encrypted protocol such as SSL or
             SSH. MySQL supports internal SSL connections as of version
-            4.0.0. SSH port-forwarding can be used to create an
-            encrypted (and compressed) tunnel for the communication.
+            4.0. Another technique is to use SSH port-forwarding to
+            create an encrypted (and compressed) tunnel for the
+            communication.
           </para>
         </listitem>
 
@@ -9891,34 +9901,30 @@
         connection. Password handling during the client connection
         sequence was upgraded in MySQL 4.1.1 to be very secure. If you
         are using an older version of MySQL, or are still using
-        pre-4.1.1-style passwords, the encryption algorithm is less
-        strong and with some effort a clever attacker who can sniff the
-        traffic between the client and the server can crack the
-        password. (See <xref linkend="password-hashing"/>, for a
-        discussion of the different password handling methods.) If the
-        connection between the client and the server goes through an
-        untrusted network, you should use an SSH tunnel to encrypt the
-        communication.
+        pre-4.1.1-style passwords, the encryption algorithm is not as
+        strong as the newer algorithmm With some effort, a clever
+        attacker who can sniff the traffic between the client and the
+        server can crack the password. (See
+        <xref linkend="password-hashing"/>, for a discussion of the
+        different password handling methods.)
       </para>
 
       <para>
-        All other information is transferred as text that can be read by
-        anyone who is able to watch the connection. If you are concerned
-        about this, you can use the compressed protocol (in MySQL 3.22
-        and above) to make traffic much more difficult to decipher. To
-        make the connection even more secure, you should use SSH to
-        obtain an encrypted TCP/IP connection between a MySQL server and
-        a MySQL client. You can find an Open Source SSH client at
-        <ulink url="http://www.openssh.org/"/>, and a commercial SSH
-        client at <ulink url="http://www.ssh.com/"/>.
+        All other information is transferred as text, and can be read by
+        anyone who is able to watch the connection. If the connection
+        between the client and the server goes through an untrusted
+        network, and you are concerned about this, you can use the
+        compressed protocol (in MySQL 3.22 and above) to make traffic
+        much more difficult to decipher. You can also use MySQL's
+        internal SSL support to make the connection even more secure in
+        MySQL 4.0 and up. See <xref linkend="secure-connections"/>.
+        Alternatively, use SSH to get an encrypted TCP/IP connection
+        between a MySQL server and a MySQL client. You can find an Open
+        Source SSH client at <ulink url="http://www.openssh.org/"/>, and
+        a commercial SSH client at <ulink url="http://www.ssh.com/"/>.
       </para>
 
       <para>
-        If you are using MySQL 4.0 or newer, you can also use internal
-        OpenSSL support. See <xref linkend="secure-connections"/>.
-      </para>
-
-      <para>
         To make a MySQL system secure, you should strongly consider the
         following suggestions:
       </para>
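Review bot: The added line "strong as the newer algorithmm With some effort, a clever" has a typo and a missing full stop; it should read "algorithm. With some effort". In the second paragraph, the rewrite now ties the compressed protocol directly to the untrusted-network case ("you can use the compressed protocol ... to make traffic much more difficult to decipher"). Compression is not encryption, so for that case the text should lead with SSL or SSH and present compression, if it is kept at all, as obscuring rather than protecting the traffic. The first paragraph also loses its explicit advice to use an SSH tunnel on untrusted networks, so the password-sniffing warning now has no remedy next to it.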
@@ -9927,59 +9933,49 @@
 
         <listitem>
           <para>
-            Use passwords for all MySQL users. A client program does not
-            necessarily know the identity of the person running it. It
-            is common for client/server applications that the user can
-            specify any username to the client program. For example,
-            anyone can use the <command>mysql</command> program to
-            connect as any other person simply by invoking it as
+            Require all MySQL accounts to have a password. A client
+            program does not necessarily know the identity of the person
+            running it. It is common for client/server applications that
+            the user can specify any username to the client program. For
+            example, anyone can use the <command>mysql</command> program
+            to connect as any other person simply by invoking it as
             <literal>mysql -u <replaceable>other_user</replaceable>
             <replaceable>db_name</replaceable></literal> if
             <replaceable>other_user</replaceable> has no password. If
-            all users have a password, connecting using another user's
+            all account have a password, connecting using another user's
             account becomes much more difficult.
           </para>
 
           <para>
-            To change the password for a user, use the <literal>SET
-            PASSWORD</literal> statement. It is also possible to update
-            the <literal>user</literal> table in the
-            <literal>mysql</literal> database directly. For example, to
-            change the password of all MySQL accounts that have a
-            username of <literal>root</literal>, do this:
+            For a discussion of methods for setting passwords, see
+            <xref linkend="passwords"/>.
           </para>
-
-<programlisting>
-shell&gt; <userinput>mysql -u root</userinput>
-mysql&gt; <userinput>UPDATE mysql.user SET Password=PASSWORD('<replaceable>newpwd</replaceable>')</userinput>
-    -&gt; <userinput>WHERE User='root';</userinput>
-mysql&gt; <userinput>FLUSH PRIVILEGES;</userinput>
-</programlisting>
         </listitem>
 
         <listitem>
           <para>
-            <emphasis>Do not run the MySQL server as the Unix
-            <literal>root</literal> user</emphasis>. This is very
-            dangerous, because any user with the <literal>FILE</literal>
-            privilege is able to create files as <literal>root</literal>
-            (for example, <literal>~root/.bashrc</literal>). To prevent
-            this, <command>mysqld</command> refuses to run as
-            <literal>root</literal> unless specified explicitly using
-            the option <option>--user=root</option>.
+            Never run the MySQL server as the Unix
+            <literal>root</literal> user. This is extremely dangerous,
+            because any user with the <literal>FILE</literal> privilege
+            is able to cause the server to create files as
+            <literal>root</literal> (for example,
+            <literal>~root/.bashrc</literal>). To prevent this,
+            <command>mysqld</command> refuses to run as
+            <literal>root</literal> unless that is specified explicitly
+            using the <option>--user=root</option> option.
           </para>
 
           <para>
             <command>mysqld</command> can (and should) be run as an
             ordinary, unprivileged user instead. You can also create a
             separate Unix account named <literal>mysql</literal> to make
-            everything even more secure. Use the account only for
-            administering MySQL. To start <command>mysqld</command> as
-            another Unix user, add a <literal>user</literal> option that
-            specifies the username to the <literal>[mysqld]</literal>
-            group of the <filename>/etc/my.cnf</filename> option file or
-            the <filename>my.cnf</filename> option file in the server's
-            data directory. For example:
+            everything even more secure. Use this account only for
+            administering MySQL. To start <command>mysqld</command> as a
+            different Unix user, add a <literal>user</literal> option
+            that specifies the username in the
+            <literal>[mysqld]</literal> group of the
+            <filename>my.cnf</filename> option file where you specify
+            server options. For example:
           </para>
 
 <programlisting>
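Review bot: The added line "all account have a password, connecting using another user's" has a number error; it should read "all accounts have a password". In the second item, the emphasis markup around the warning against running the server as the Unix root user is dropped in favour of "Never"; that is fine, but it is worth confirming that the removal of the emphasis is intended, since this is the most important instruction in the list.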
@@ -10007,12 +10003,13 @@
 
         <listitem>
           <para>
-            Do not allow the use of symlinks to tables. (This can be
-            disabled with the <option>--skip-symbolic-links</option>
-            option.) This is especially important if you run
-            <command>mysqld</command> as <literal>root</literal>,
-            because anyone having write access to the server's data
-            directory then could delete any file in the system! See
+            Do not allow the use of symlinks to tables. (This capability
+            can be disabled with the
+            <option>--skip-symbolic-links</option> option.) This is
+            especially important if you run <command>mysqld</command> as
+            <literal>root</literal>, because anyone that has write
+            access to the server's data directory then could delete any
+            file in the system! See
             <xref linkend="symbolic-links-to-tables"/>.
           </para>
         </listitem>
@@ -10030,11 +10027,12 @@
             Do not grant the <literal>PROCESS</literal> or
             <literal>SUPER</literal> privilege to non-administrative
             users. The output of <command>mysqladmin
-            processlist</command> shows the text of any statements
-            currently being executed, so any user who is allowed to
-            execute that command might be able to see whether another
+            processlist</command> and <literal>SHOW
+            PROCESSLIST</literal> shows the text of any statements
+            currently being executed, so any user who is allowed to see
+            the server process list might be able to see whether another
             user issues a statement such as <literal>UPDATE user SET
-            password=PASSWORD('<replaceable>plaintext-password</replaceable>');</literal>.
+            password=PASSWORD('not_secure')</literal>.
           </para>
 
           <para>
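Review bot: With the subject extended to "mysqladmin processlist and SHOW PROCESSLIST", the verb in the added line "PROCESSLIST</literal> shows the text of any statements" no longer agrees; it should be "show". The example statement also loses its replaceable markup in favour of the literal 'not_secure'; if the intent is to show a fixed sample value, that is fine, otherwise keep the placeholder markup.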
@@ -10184,9 +10182,9 @@
           </para>
 
           <para>
-            If this is enabled, a user cannot create new users by using
-            the <literal>GRANT</literal> statement unless the user has
-            the <literal>INSERT</literal> privilege for the
+            If this option is enabled, a user cannot create new MySQL
+            users by using the <literal>GRANT</literal> statement unless
+            the user has the <literal>INSERT</literal> privilege for the
             <literal>mysql.user</literal> table. If you want a user to
             have the ability to create new users that have those
             privileges that the user has right to grant, you should
@@ -10330,8 +10328,8 @@
             process has read access to (assuming that a user could run
             any command against the SQL server). In this environment,
             the client with respect to the MySQL server actually is the
-            Web server, not the program being run by the user connecting
-            to the Web server.
+            Web server, not the remote program being run by the user who
+            connects to the Web server.
           </para>
         </listitem>
 
@@ -10356,11 +10354,11 @@
 
         <listitem>
           <para>
-            If you build MySQL from source but do not use the
-            <option>--enable-local-infile</option> option to
-            <command>configure</command>, <literal>LOAD DATA
-            LOCAL</literal> cannot be used by any client unless it is
-            written explicitly to invoke <literal>mysql_options(...
+            If you build MySQL from source but do not invoke
+            <command>configure</command> with the
+            <option>--enable-local-infile</option> option, <literal>LOAD
+            DATA LOCAL</literal> cannot be used by any client unless it
+            is written explicitly to invoke <literal>mysql_options(...
             MYSQL_OPT_LOCAL_INFILE, 0)</literal>. See
             <xref linkend="mysql-options"/>.
           </para>
@@ -10566,7 +10564,7 @@
 
     <para>
       MySQL has an advanced but non-standard security and privilege
-      system. This section describes how it works.
+      system. The following discussion describes how it works.
     </para>
 
     <section id="what-privileges">
@@ -10589,7 +10587,7 @@
 
       <para>
         The primary function of the MySQL privilege system is to
-        authenticate a user connecting from a given host, and to
+        authenticate a user who connects from a given host and to
         associate that user with privileges on a database such as
         <literal>SELECT</literal>, <literal>INSERT</literal>,
         <literal>UPDATE</literal>, and <literal>DELETE</literal>.

Modified: trunk/refman-5.0/database-administration.xml
===================================================================
--- trunk/refman-5.0/database-administration.xml	2006-01-28 00:43:31 UTC (rev 1073)
+++ trunk/refman-5.0/database-administration.xml	2006-01-28 05:52:53 UTC (rev 1074)
@@ -1454,11 +1454,11 @@
             </para>
 
             <para>
-              If this is enabled, a user can't create new users by using
-              the <literal>GRANT</literal> statement, if the user
-              doesn't have the <literal>INSERT</literal> privilege for
-              the <literal>mysql.user</literal> table or any column in
-              the table.
+              If this option is enabled, a user cannot create new MySQL
+              users by using the <literal>GRANT</literal> statement, if
+              the user doesn't have the <literal>INSERT</literal>
+              privilege for the <literal>mysql.user</literal> table or
+              any column in the table.
             </para>
           </listitem>
 
@@ -6892,13 +6892,13 @@
             </para>
 
             <para>
-              The number of pages busy because they have been allocated
-              for administrative overhead such as row locks or the
-              adaptive hash index. This value can also be calculated as
-              <literal>Innodb_buffer_pool_pages_total</literal> -
-              <literal>Innodb_buffer_pool_pages_free</literal> -
-              <literal>Innodb_buffer_pool_pages_data</literal>. Added in
-              MySQL 5.0.2.
+              The number of pages that are busy because they have been
+              allocated for administrative overhead such as row locks or
+              the adaptive hash index. This value can also be calculated
+              as <literal>Innodb_buffer_pool_pages_total</literal>
+              &minus; <literal>Innodb_buffer_pool_pages_free</literal>
+              &minus; <literal>Innodb_buffer_pool_pages_data</literal>.
+              Added in MySQL 5.0.2.
             </para>
           </listitem>
 
@@ -6908,7 +6908,8 @@
             </para>
 
             <para>
-              Total size of buffer pool, in pages. Added in MySQL 5.0.2.
+              The total size of buffer pool, in pages. Added in MySQL
+              5.0.2.
             </para>
           </listitem>
 
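Review bot: The added line "The total size of buffer pool, in pages." is still missing an article before "buffer pool". This commit adds "the" in front of "query cache" throughout the same file, so for consistency this should read "The total size of the buffer pool, in pages."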
@@ -6918,10 +6919,10 @@
             </para>
 
             <para>
-              The number of <quote>random</quote> read-aheads
-              <literal>InnoDB</literal> initiated. This happens when a
-              query is to scan a large portion of a table but in random
-              order. Added in MySQL 5.0.2.
+              The number of <quote>random</quote> read-aheads initiated
+              by <literal>InnoDB</literal>. This happens when a query
+              scans a large portion of a table but in random order.
+              Added in MySQL 5.0.2.
             </para>
           </listitem>
 
@@ -6931,8 +6932,8 @@
             </para>
 
             <para>
-              The number of sequential read-aheads
-              <literal>InnoDB</literal> initiated. This happens when
+              The number of sequential read-aheads initiated by
+              <literal>InnoDB</literal>. This happens when
               <literal>InnoDB</literal> does a sequential full table
               scan. Added in MySQL 5.0.2.
             </para>
@@ -7109,8 +7110,8 @@
             </para>
 
             <para>
-              The number of waits we had because log buffer was too
-              small and we had to wait for it to be flushed before
+              The number of times that the log buffer was too small and
+              a wait was required for it to be flushed before
               continuing. Added in MySQL 5.0.2.
             </para>
           </listitem>
@@ -7164,7 +7165,8 @@
             </para>
 
             <para>
-              Pending log file writes. Added in MySQL 5.0.2.
+              The number of pending log file writes. Added in MySQL
+              5.0.2.
             </para>
           </listitem>
 
@@ -7375,7 +7377,7 @@
 
             <para>
               The number of physical reads of a key block from disk. If
-              <literal>Key_reads</literal> is big, then your
+              <literal>Key_reads</literal> is large, then your
               <literal>key_buffer_size</literal> value is probably too
               small. The cache miss rate can be calculated as
               <literal>Key_reads</literal>/<literal>Key_read_requests</literal>.
@@ -7409,8 +7411,8 @@
 
             <para>
               The total cost of the last compiled query as computed by
-              the query optimizer. Useful for comparing the cost of
-              different query plans for the same query. The default
+              the query optimizer. This is useful for comparing the cost
+              of different query plans for the same query. The default
               value of 0 means that no query has been compiled yet. This
               variable was added in MySQL 5.0.1, with a default value of
               -1. In MySQL 5.0.7, the default was changed to 0; also in
@@ -7497,7 +7499,7 @@
             </para>
 
             <para>
-              The number of free memory blocks in query cache.
+              The number of free memory blocks in the query cache.
             </para>
           </listitem>
 
@@ -7507,7 +7509,7 @@
             </para>
 
             <para>
-              The amount of free memory for query cache.
+              The amount of free memory for the query cache.
             </para>
           </listitem>
 
@@ -7517,7 +7519,7 @@
             </para>
 
             <para>
-              The number of cache hits.
+              The number of query cache hits.
             </para>
           </listitem>
 
@@ -7527,7 +7529,7 @@
             </para>
 
             <para>
-              The number of queries added to the cache.
+              The number of queries added to the query cache.
             </para>
           </listitem>
 
@@ -7537,8 +7539,8 @@
             </para>
 
             <para>
-              The number of queries that were deleted from the cache
-              because of low memory.
+              The number of queries that were deleted from the query
+              cache because of low memory.
             </para>
           </listitem>
 
@@ -7560,7 +7562,7 @@
             </para>
 
             <para>
-              The number of queries registered in the cache.
+              The number of queries registered in the query cache.
             </para>
           </listitem>
 
@@ -7580,7 +7582,7 @@
             </para>
 
             <para>
-              The number of statements that have been sent to the
+              The number of statements that clients have sent to the
               server.
             </para>
           </listitem>
@@ -7630,8 +7632,8 @@
                 Why not? Why the comment, if it's not important?
               </remark>
 
-              It is normally not a critical issue even if this is quite
-              large.
+              This is normally not a critical issue even if the value is
+              quite large.
             </para>
           </listitem>
 
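Review bot: The <remark> directly above the reworded sentence ("Why not? Why the comment, if it's not important?") is still open, and "This is normally not a critical issue even if the value is quite large" does not answer it. Either state why a large value is harmless or drop the sentence, and remove the remark once that is settled. The identical hunk in refman-5.1 needs the same decision.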
@@ -7664,8 +7666,8 @@
             </para>
 
             <para>
-              The number of temporary tables currently open by the slave
-              SQL thread.
+              The number of temporary tables that the slave SQL thread
+              currently has open.
             </para>
           </listitem>
 
@@ -7686,9 +7688,9 @@
             </para>
 
             <para>
-              Total number of times since startup that the replication
-              slave SQL thread has retried transactions. This variable
-              was added in version 5.0.4.
+              The total number of times since startup that the
+              replication slave SQL thread has retried transactions.
+              This variable was added in version 5.0.4.
             </para>
           </listitem>
 
@@ -7721,10 +7723,10 @@
             </para>
 
             <para>
-              The number of merge passes the sort algorithm has had to
-              do. If this value is large, you should consider increasing
-              the value of the <literal>sort_buffer_size</literal>
-              system variable.
+              The number of merge passes that the sort algorithm has had
+              to do. If this value is large, you should consider
+              increasing the value of the
+              <literal>sort_buffer_size</literal> system variable.
             </para>
           </listitem>
 
@@ -7791,7 +7793,7 @@
             <para>
               The number of times that a table lock could not be
               acquired immediately and a wait was needed. If this is
-              high, and you have performance problems, you should first
+              high and you have performance problems, you should first
               optimize your queries, and then either split your table or
               tables or use replication.
             </para>
@@ -11544,7 +11546,7 @@
       <para>
         MySQL uses security based on Access Control Lists (ACLs) for all
         connections, queries, and other operations that users can
-        attempt to perform. There is also some support for SSL-encrypted
+        attempt to perform. There is also support for SSL-encrypted
         connections between MySQL clients and servers. Many of the
         concepts discussed here are not specific to MySQL at all; the
         same general ideas apply to almost all applications.
@@ -11590,19 +11592,19 @@
               <para>
                 Try <literal>mysql -u root</literal>. If you are able to
                 connect successfully to the server without being asked
-                for a password, you have problems. Anyone can connect to
-                your MySQL server as the MySQL <literal>root</literal>
-                user with full privileges! Review the MySQL installation
-                instructions, paying particular attention to the
-                information about setting a <literal>root</literal>
-                password. See <xref linkend="default-privileges"/>.
+                for a password, anyone can connect to your MySQL server
+                as the MySQL <literal>root</literal> user with full
+                privileges! Review the MySQL installation instructions,
+                paying particular attention to the information about
+                setting a <literal>root</literal> password. See
+                <xref linkend="default-privileges"/>.
               </para>
             </listitem>
 
             <listitem>
               <para>
-                Use the <literal>SHOW GRANTS</literal> statement and
-                check to see who has access to what. Then use the
+                Use the <literal>SHOW GRANTS</literal> statement to
+                check which accounts have access to what. Then use the
                 <literal>REVOKE</literal> statement to remove those
                 privileges that are not necessary.
               </para>
@@ -11617,22 +11619,23 @@
             your computer becomes compromised, the intruder can take the
             full list of passwords and use them. Instead, use
             <literal>MD5()</literal>, <literal>SHA1()</literal>, or some
-            other one-way hashing function.
+            other one-way hashing function and store the hash value.
           </para>
         </listitem>
 
         <listitem>
           <para>
-            Do not choose passwords from dictionaries. There are special
-            programs to break them. Even passwords like
+            Do not choose passwords from dictionaries. Special programs
+            exist to break passwords. Even passwords like
             <quote>xfish98</quote> are very bad. Much better is
             <quote>duag98</quote> which contains the same word
             <quote>fish</quote> but typed one key to the left on a
-            standard QWERTY keyboard. Another method is to use
-            <quote>Mhall</quote> which is taken from the first
-            characters of each word in the sentence <quote>Mary had a
-            little lamb.</quote> This is easy to remember and type, but
-            difficult to guess for someone who does not know it.
+            standard QWERTY keyboard. Another method is to use a
+            password that is taken from the first characters of each
+            word in a sentence (for example, <quote>Mary had a little
+            lamb</quote> results in a password of <quote>Mhall</quote>).
+            The password is easy to remember and type, but difficult to
+            guess for someone who does not know the sentence.
           </para>
         </listitem>
 
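Review bot: The added clause "other one-way hashing function and store the hash value" still recommends bare MD5() or SHA1() for stored passwords. Both are fast, unsalted digests, so identical passwords produce identical hash values and precomputed tables apply; suggest saying that a per-account salt is combined with the password before hashing. Separately, the "Mhall" example kept in the second paragraph is only five characters long, which undercuts the advice however the password was derived.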
@@ -11657,12 +11660,13 @@
                 untrusted hosts. Another simple way to check whether or
                 not your MySQL port is open is to try the following
                 command from some remote machine, where
-                <literal>server_host</literal> is the host on which your
-                MySQL server runs:
+                <replaceable>server_host</replaceable> is the hostname
+                or IP number of the host on which your MySQL server
+                runs:
               </para>
 
 <programlisting>
-shell&gt; <userinput>telnet server_host 3306</userinput>
+shell&gt; <userinput>telnet <replaceable>server_host</replaceable> 3306</userinput>
 </programlisting>
 
               <para>
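Review bot: "IP number" in the added line "or IP number of the host on which your MySQL server" is nonstandard; "IP address" is the usual term. The identical refman-5.1 hunk needs the same change.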
@@ -11670,8 +11674,8 @@
                 port is open, and should be closed on your firewall or
                 router, unless you really have a good reason to keep it
                 open. If <literal>telnet</literal> hangs or the
-                connection is refused, then the port is blocked, which
-                is how you want it to be.
+                connection is refused, the port is blocked, which is how
+                you want it to be.
               </para>
             </listitem>
 
@@ -11685,7 +11689,7 @@
             escaped character sequences in Web forms, URLs, or whatever
             application you have built. Be sure that your application
             remains secure if a user enters something like
-            <quote><literal>; DROP DATABASE mysql;</literal>.</quote>
+            <quote><literal>; DROP DATABASE mysql;</literal></quote>.
             This is an extreme example, but large security leaks and
             data loss might occur as a result of hackers using similar
             techniques, if you do not prepare for them.
@@ -11834,6 +11838,12 @@
 
             <listitem>
               <para>
+                Ruby DBI: Use placeholders.
+              </para>
+            </listitem>
+
+            <listitem>
+              <para>
                 Java JDBC: Use a <literal>PreparedStatement</literal>
                 object and placeholders.
               </para>
@@ -11854,8 +11864,9 @@
             and ability to intercept it and use it for their own
             purposes. Instead, use an encrypted protocol such as SSL or
             SSH. MySQL supports internal SSL connections as of version
-            4.0.0. SSH port-forwarding can be used to create an
-            encrypted (and compressed) tunnel for the communication.
+            4.0. Another technique is to use SSH port-forwarding to
+            create an encrypted (and compressed) tunnel for the
+            communication.
           </para>
         </listitem>
 
@@ -11904,33 +11915,29 @@
         connection. Password handling during the client connection
         sequence was upgraded in MySQL 4.1.1 to be very secure. If you
         are still using pre-4.1.1-style passwords, the encryption
-        algorithm is not as strong as the newer algorithm; with some
-        effort a clever attacker who can sniff the traffic between the
+        algorithm is not as strong as the newer algorithmm With some
+        effort, a clever attacker who can sniff the traffic between the
         client and the server can crack the password. (See
         <xref linkend="password-hashing"/>, for a discussion of the
-        different password handling methods.) If the connection between
-        the client and the server goes through an untrusted network, you
-        should use an SSH tunnel to encrypt the communication.
+        different password handling methods.)
       </para>
 
       <para>
         All other information is transferred as text, and can be read by
-        anyone who is able to watch the connection. If you are concerned
-        about this, you can use the compressed protocol to make traffic
-        much more difficult to decipher. To make the connection even
-        more secure, you should use SSH to get an encrypted TCP/IP
-        connection between a MySQL server and a MySQL client. You can
-        find an Open Source SSH client at
+        anyone who is able to watch the connection. If the connection
+        between the client and the server goes through an untrusted
+        network, and you are concerned about this, you can use the
+        compressed protocol to make traffic much more difficult to
+        decipher. You can also use MySQL's internal SSL support to make
+        the connection even more secure. See
+        <xref linkend="secure-connections"/>. Alternatively, use SSH to
+        get an encrypted TCP/IP connection between a MySQL server and a
+        MySQL client. You can find an Open Source SSH client at
         <ulink url="http://www.openssh.org/"/>, and a commercial SSH
         client at <ulink url="http://www.ssh.com/"/>.
       </para>
 
       <para>
-        You can also use MySQL's internal OpenSSL support. See
-        <xref linkend="secure-connections"/>.
-      </para>
-
-      <para>
         To make a MySQL system secure, you should strongly consider the
         following suggestions:
       </para>
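Review bot: Typo introduced in the added line "algorithm is not as strong as the newer algorithmm With some": the word is misspelled and the sentence-ending period is missing, where the removed line had "algorithm; with some". It should read "newer algorithm. With some effort, a clever attacker ...". Also, the rewritten second paragraph still offers the compressed protocol as a way to make traffic "much more difficult to decipher"; compression is not encryption, so consider leading with the SSL and SSH options and qualifying or dropping that sentence.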
@@ -11939,34 +11946,23 @@
 
         <listitem>
           <para>
-            Use passwords for all MySQL users. A client program does not
-            necessarily know the identity of the person running it. It
-            is common for client/server applications that the user can
-            specify any username to the client program. For example,
-            anyone can use the <command>mysql</command> program to
-            connect as any other person simply by invoking it as
+            Require all MySQL accounts to have a password. A client
+            program does not necessarily know the identity of the person
+            running it. It is common for client/server applications that
+            the user can specify any username to the client program. For
+            example, anyone can use the <command>mysql</command> program
+            to connect as any other person simply by invoking it as
             <literal>mysql -u <replaceable>other_user</replaceable>
             <replaceable>db_name</replaceable></literal> if
             <replaceable>other_user</replaceable> has no password. If
-            all users have a password, connecting using another user's
+            all account have a password, connecting using another user's
             account becomes much more difficult.
           </para>
 
           <para>
-            To change the password for a user, use the <literal>SET
-            PASSWORD</literal> statement. It is also possible to update
-            the <literal>user</literal> table in the
-            <literal>mysql</literal> database directly. For example, to
-            change the password of all MySQL accounts that have a
-            username of <literal>root</literal>, do this:
+            For a discussion of methods for setting passwords, see
+            <xref linkend="passwords"/>.
           </para>
-
-<programlisting>
-shell&gt; <userinput>mysql -u root</userinput>
-mysql&gt; <userinput>UPDATE mysql.user SET Password=PASSWORD('<replaceable>newpwd</replaceable>')</userinput>
-    -&gt; <userinput>WHERE User='root';</userinput>
-mysql&gt; <userinput>FLUSH PRIVILEGES;</userinput>
-</programlisting>
         </listitem>
 
         <listitem>
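Review bot: Grammar slip in the added line "all account have a password, connecting using another user's": it should be "all accounts have a password". The paragraph now opens with "accounts" but its closing sentence still says "another user's account", so it is worth settling on one term throughout while fixing this.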
@@ -11974,8 +11970,9 @@
             Never run the MySQL server as the Unix
             <literal>root</literal> user. This is extremely dangerous,
             because any user with the <literal>FILE</literal> privilege
-            is able to create files as <literal>root</literal> (for
-            example, <literal>~root/.bashrc</literal>). To prevent this,
+            is able to cause the server to create files as
+            <literal>root</literal> (for example,
+            <literal>~root/.bashrc</literal>). To prevent this,
             <command>mysqld</command> refuses to run as
             <literal>root</literal> unless that is specified explicitly
             using the <option>--user=root</option> option.
@@ -11988,11 +11985,10 @@
             everything even more secure. Use this account only for
             administering MySQL. To start <command>mysqld</command> as a
             different Unix user, add a <literal>user</literal> option
-            that specifies the username to the
+            that specifies the username in the
             <literal>[mysqld]</literal> group of the
-            <filename>/etc/my.cnf</filename> option file or the
-            <filename>my.cnf</filename> option file in the server's data
-            directory. For example:
+            <filename>my.cnf</filename> option file where you specify
+            server options. For example:
           </para>
 
 <programlisting>
@@ -12019,12 +12015,13 @@
 
         <listitem>
           <para>
-            Don't allow the use of symlinks to tables. (This can be
-            disabled with the <option>--skip-symbolic-links</option>
-            option.) This is especially important if you run
-            <command>mysqld</command> as <literal>root</literal>,
-            because anyone that has write access to the server's data
-            directory then could delete any file in the system! See
+            Do not allow the use of symlinks to tables. (This capability
+            can be disabled with the
+            <option>--skip-symbolic-links</option> option.) This is
+            especially important if you run <command>mysqld</command> as
+            <literal>root</literal>, because anyone that has write
+            access to the server's data directory then could delete any
+            file in the system! See
             <xref linkend="symbolic-links-to-tables"/>.
           </para>
         </listitem>
@@ -12039,14 +12036,15 @@
 
         <listitem>
           <para>
-            Don't grant the <literal>PROCESS</literal> or
+            Do not grant the <literal>PROCESS</literal> or
             <literal>SUPER</literal> privilege to non-administrative
             users. The output of <command>mysqladmin
-            processlist</command> shows the text of any statements
-            currently being executed, so any user who is allowed to
-            execute to run that command might be able to see whether
-            another user issues a statement such as <literal>UPDATE user
-            SET password=PASSWORD('not_secure')</literal>.
+            processlist</command> and <literal>SHOW
+            PROCESSLIST</literal> shows the text of any statements
+            currently being executed, so any user who is allowed to see
+            the server process list might be able to see whether another
+            user issues a statement such as <literal>UPDATE user SET
+            password=PASSWORD('not_secure')</literal>.
           </para>
 
           <para>
@@ -12067,7 +12065,7 @@
 
         <listitem>
           <para>
-            Don't grant the <literal>FILE</literal> privilege to
+            Do not grant the <literal>FILE</literal> privilege to
             non-administrative users. Any user that has this privilege
             can write a file anywhere in the filesystem with the
             privileges of the <command>mysqld</command> daemon! To make
@@ -12198,9 +12196,9 @@
           </para>
 
           <para>
-            If this is enabled, a user cannot create new users by using
-            the <literal>GRANT</literal> statement unless the user has
-            the <literal>INSERT</literal> privilege for the
+            If this option is enabled, a user cannot create new MySQL
+            users by using the <literal>GRANT</literal> statement unless
+            the user has the <literal>INSERT</literal> privilege for the
             <literal>mysql.user</literal> table. If you want a user to
             have the ability to create new users that have those
             privileges that the user has right to grant, you should
@@ -12274,7 +12272,7 @@
           </para>
 
           <para>
-            Don't allow TCP/IP connections over the network. All
+            Do not allow TCP/IP connections over the network. All
             connections to <command>mysqld</command> must be made via
             Unix socket files.
           </para>
@@ -12341,8 +12339,8 @@
             process has read access to (assuming that a user could run
             any command against the SQL server). In this environment,
             the client with respect to the MySQL server actually is the
-            Web server, not the program being run by the user connecting
-            to the Web server.
+            Web server, not the remote program being run by the user who
+            connects to the Web server.
           </para>
         </listitem>
 
@@ -12367,11 +12365,11 @@
 
         <listitem>
           <para>
-            If you build MySQL from source but don't use the
-            <option>--enable-local-infile</option> option to
-            <command>configure</command>, <literal>LOAD DATA
-            LOCAL</literal> cannot be used by any client unless it is
-            written explicitly to invoke <literal>mysql_options(...
+            If you build MySQL from source but do not invoke
+            <command>configure</command> with the
+            <option>--enable-local-infile</option> option, <literal>LOAD
+            DATA LOCAL</literal> cannot be used by any client unless it
+            is written explicitly to invoke <literal>mysql_options(...
             MYSQL_OPT_LOCAL_INFILE, 0)</literal>. See
             <xref linkend="mysql-options"/>.
           </para>
@@ -12570,7 +12568,7 @@
 
     <para>
       MySQL has an advanced but non-standard security and privilege
-      system. This section describes how it works.
+      system. The following discussion describes how it works.
     </para>
 
     <section id="what-privileges">
@@ -12593,7 +12591,7 @@
 
       <para>
         The primary function of the MySQL privilege system is to
-        authenticate a user connecting from a given host, and to
+        authenticate a user who connects from a given host and to
         associate that user with privileges on a database such as
         <literal>SELECT</literal>, <literal>INSERT</literal>,
         <literal>UPDATE</literal>, and <literal>DELETE</literal>.

Modified: trunk/refman-5.1/database-administration.xml
===================================================================
--- trunk/refman-5.1/database-administration.xml	2006-01-28 00:43:31 UTC (rev 1073)
+++ trunk/refman-5.1/database-administration.xml	2006-01-28 05:52:53 UTC (rev 1074)
@@ -1451,11 +1451,11 @@
             </para>
 
             <para>
-              If this is enabled, a user can't create new users by using
-              the <literal>GRANT</literal> statement, if the user
-              doesn't have the <literal>INSERT</literal> privilege for
-              the <literal>mysql.user</literal> table or any column in
-              the table.
+              If this option is enabled, a user cannot create new MySQL
+              users by using the <literal>GRANT</literal> statement, if
+              the user doesn't have the <literal>INSERT</literal>
+              privilege for the <literal>mysql.user</literal> table or
+              any column in the table.
             </para>
           </listitem>
 
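Review bot: The added lines "users by using the GRANT statement, if" and "the user doesn't have the INSERT" keep the contraction "doesn't" and the double conditional "If ..., if ...", although this commit changes "can't" to "cannot" in the same sentence and "Don't" to "Do not" elsewhere. The description with the same opening sentence in the refman-5.0 security section reads "unless the user has the INSERT privilege for the mysql.user table"; using the "unless" form here would be clearer. The two descriptions also differ on "or any column in the table", which should be reconciled.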
@@ -6976,12 +6976,12 @@
             </para>
 
             <para>
-              The number of pages busy because they have been allocated
-              for administrative overhead such as row locks or the
-              adaptive hash index. This value can also be calculated as
-              <literal>Innodb_buffer_pool_pages_total</literal> -
-              <literal>Innodb_buffer_pool_pages_free</literal> -
-              <literal>Innodb_buffer_pool_pages_data</literal>.
+              The number of pages that are busy because they have been
+              allocated for administrative overhead such as row locks or
+              the adaptive hash index. This value can also be calculated
+              as <literal>Innodb_buffer_pool_pages_total</literal>
+              &minus; <literal>Innodb_buffer_pool_pages_free</literal>
+              &minus; <literal>Innodb_buffer_pool_pages_data</literal>.
             </para>
           </listitem>
 
@@ -6991,7 +6991,7 @@
             </para>
 
             <para>
-              Total size of buffer pool, in pages.
+              The total size of the buffer pool, in pages.
             </para>
           </listitem>
 
@@ -7001,10 +7001,9 @@
             </para>
 
             <para>
-              The number of <quote>random</quote> read-aheads
-              <literal>InnoDB</literal> initiated. This happens when a
-              query is to scan a large portion of a table but in random
-              order.
+              The number of <quote>random</quote> read-aheads initiated
+              by <literal>InnoDB</literal>. This happens when a query
+              scans a large portion of a table but in random order.
             </para>
           </listitem>
 
@@ -7014,8 +7013,8 @@
             </para>
 
             <para>
-              The number of sequential read-aheads
-              <literal>InnoDB</literal> initiated. This happens when
+              The number of sequential read-aheads initiated by
+              <literal>InnoDB</literal>. This happens when
               <literal>InnoDB</literal> does a sequential full table
               scan.
             </para>
@@ -7188,8 +7187,8 @@
             </para>
 
             <para>
-              The number of waits we had because log buffer was too
-              small and we had to wait for it to be flushed before
+              The number of times that the log buffer was too small and
+              a wait was required for it to be flushed before
               continuing.
             </para>
           </listitem>
@@ -7242,7 +7241,7 @@
             </para>
 
             <para>
-              Pending log file writes.
+              The number of pending log file writes.
             </para>
           </listitem>
 
@@ -7447,7 +7446,7 @@
 
             <para>
               The number of physical reads of a key block from disk. If
-              <literal>Key_reads</literal> is big, then your
+              <literal>Key_reads</literal> is large, then your
               <literal>key_buffer_size</literal> value is probably too
               small. The cache miss rate can be calculated as
               <literal>Key_reads</literal>/<literal>Key_read_requests</literal>.
@@ -7481,8 +7480,8 @@
 
             <para>
               The total cost of the last compiled query as computed by
-              the query optimizer. Useful for comparing the cost of
-              different query plans for the same query. The default
+              the query optimizer. This is useful for comparing the cost
+              of different query plans for the same query. The default
               value of 0 means that no query has been compiled yet. The
               default value is 0. <literal>Last_query_cost</literal> has
               session scope.
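Review bot: The paragraph this hunk rewords still ends with "The default value of 0 means that no query has been compiled yet. The default value is 0.", which states the default twice. Since the neighbouring sentence is being edited anyway, drop "The default value is 0." in the same change.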
@@ -7561,7 +7560,7 @@
             </para>
 
             <para>
-              The number of free memory blocks in query cache.
+              The number of free memory blocks in the query cache.
             </para>
           </listitem>
 
@@ -7571,7 +7570,7 @@
             </para>
 
             <para>
-              The amount of free memory for query cache.
+              The amount of free memory for the query cache.
             </para>
           </listitem>
 
@@ -7581,7 +7580,7 @@
             </para>
 
             <para>
-              The number of cache hits.
+              The number of query cache hits.
             </para>
           </listitem>
 
@@ -7591,7 +7590,7 @@
             </para>
 
             <para>
-              The number of queries added to the cache.
+              The number of queries added to the query cache.
             </para>
           </listitem>
 
@@ -7601,8 +7600,8 @@
             </para>
 
             <para>
-              The number of queries that were deleted from the cache
-              because of low memory.
+              The number of queries that were deleted from the query
+              cache because of low memory.
             </para>
           </listitem>
 
@@ -7624,7 +7623,7 @@
             </para>
 
             <para>
-              The number of queries registered in the cache.
+              The number of queries registered in the query cache.
             </para>
           </listitem>
 
@@ -7644,7 +7643,7 @@
             </para>
 
             <para>
-              The number of statements that have been sent to the
+              The number of statements that clients have sent to the
               server.
             </para>
           </listitem>
@@ -7694,8 +7693,8 @@
                 Why not? Why the comment, if it's not important?
               </remark>
 
-              It is normally not a critical issue even if this is quite
-              large.
+              This is normally not a critical issue even if the value is
+              quite large.
             </para>
           </listitem>
 
@@ -7728,8 +7727,8 @@
             </para>
 
             <para>
-              The number of temporary tables currently open by the slave
-              SQL thread.
+              The number of temporary tables that the slave SQL thread
+              currently has open.
             </para>
           </listitem>
 
@@ -7750,8 +7749,8 @@
             </para>
 
             <para>
-              Total number of times since startup that the replication
-              slave SQL thread has retried transactions.
+              The total number of times since startup that the
+              replication slave SQL thread has retried transactions.
             </para>
           </listitem>
 
@@ -7784,10 +7783,10 @@
             </para>
 
             <para>
-              The number of merge passes the sort algorithm has had to
-              do. If this value is large, you should consider increasing
-              the value of the <literal>sort_buffer_size</literal>
-              system variable.
+              The number of merge passes that the sort algorithm has had
+              to do. If this value is large, you should consider
+              increasing the value of the
+              <literal>sort_buffer_size</literal> system variable.
             </para>
           </listitem>
 
@@ -7854,7 +7853,7 @@
             <para>
               The number of times that a table lock could not be
               acquired immediately and a wait was needed. If this is
-              high, and you have performance problems, you should first
+              high and you have performance problems, you should first
               optimize your queries, and then either split your table or
               tables or use replication.
             </para>
@@ -11589,7 +11588,7 @@
       <para>
         MySQL uses security based on Access Control Lists (ACLs) for all
         connections, queries, and other operations that users can
-        attempt to perform. There is also some support for SSL-encrypted
+        attempt to perform. There is also support for SSL-encrypted
         connections between MySQL clients and servers. Many of the
         concepts discussed here are not specific to MySQL at all; the
         same general ideas apply to almost all applications.
@@ -11635,19 +11634,19 @@
               <para>
                 Try <literal>mysql -u root</literal>. If you are able to
                 connect successfully to the server without being asked
-                for a password, you have problems. Anyone can connect to
-                your MySQL server as the MySQL <literal>root</literal>
-                user with full privileges! Review the MySQL installation
-                instructions, paying particular attention to the
-                information about setting a <literal>root</literal>
-                password. See <xref linkend="default-privileges"/>.
+                for a password, anyone can connect to your MySQL server
+                as the MySQL <literal>root</literal> user with full
+                privileges! Review the MySQL installation instructions,
+                paying particular attention to the information about
+                setting a <literal>root</literal> password. See
+                <xref linkend="default-privileges"/>.
               </para>
             </listitem>
 
             <listitem>
               <para>
-                Use the <literal>SHOW GRANTS</literal> statement and
-                check to see who has access to what. Then use the
+                Use the <literal>SHOW GRANTS</literal> statement to
+                check which accounts have access to what. Then use the
                 <literal>REVOKE</literal> statement to remove those
                 privileges that are not necessary.
               </para>
@@ -11662,22 +11661,23 @@
             your computer becomes compromised, the intruder can take the
             full list of passwords and use them. Instead, use
             <literal>MD5()</literal>, <literal>SHA1()</literal>, or some
-            other one-way hashing function.
+            other one-way hashing function and store the hash value.
           </para>
         </listitem>
 
         <listitem>
           <para>
-            Do not choose passwords from dictionaries. There are special
-            programs to break them. Even passwords like
+            Do not choose passwords from dictionaries. Special programs
+            exist to break passwords. Even passwords like
             <quote>xfish98</quote> are very bad. Much better is
             <quote>duag98</quote> which contains the same word
             <quote>fish</quote> but typed one key to the left on a
-            standard QWERTY keyboard. Another method is to use
-            <quote>Mhall</quote> which is taken from the first
-            characters of each word in the sentence <quote>Mary had a
-            little lamb.</quote> This is easy to remember and type, but
-            difficult to guess for someone who does not know it.
+            standard QWERTY keyboard. Another method is to use a
+            password that is taken from the first characters of each
+            word in a sentence (for example, <quote>Mary had a little
+            lamb</quote> results in a password of <quote>Mhall</quote>).
+            The password is easy to remember and type, but difficult to
+            guess for someone who does not know the sentence.
           </para>
         </listitem>
 
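Review bot: The reworded line "other one-way hashing function and store the hash value" still recommends a bare MD5() or SHA1() of the password with no salt, so two users with the same password end up with the same stored value and a precomputed table of common passwords matches it directly. Suggest adding a sentence that tells the reader to combine a per-user random salt with the password before hashing and to store the salt next to the hash. Separately, the example password "Mhall" retained in the following paragraph is only five letters; a longer sentence would illustrate the method better.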
@@ -11702,12 +11702,13 @@
                 untrusted hosts. Another simple way to check whether or
                 not your MySQL port is open is to try the following
                 command from some remote machine, where
-                <literal>server_host</literal> is the host on which your
-                MySQL server runs:
+                <replaceable>server_host</replaceable> is the hostname
+                or IP number of the host on which your MySQL server
+                runs:
               </para>
 
 <programlisting>
-shell&gt; <userinput>telnet server_host 3306</userinput>
+shell&gt; <userinput>telnet <replaceable>server_host</replaceable> 3306</userinput>
 </programlisting>
 
               <para>
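Review bot: In the added text "is the hostname or IP number of the host", "IP number" should read "IP address", which is the usual term. The move from <literal> to <replaceable> for server_host is fine and matches the programlisting.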
@@ -11715,8 +11716,8 @@
                 port is open, and should be closed on your firewall or
                 router, unless you really have a good reason to keep it
                 open. If <literal>telnet</literal> hangs or the
-                connection is refused, then the port is blocked, which
-                is how you want it to be.
+                connection is refused, the port is blocked, which is how
+                you want it to be.
               </para>
             </listitem>
 
@@ -11730,7 +11731,7 @@
             escaped character sequences in Web forms, URLs, or whatever
             application you have built. Be sure that your application
             remains secure if a user enters something like
-            <quote><literal>; DROP DATABASE mysql;</literal>.</quote>
+            <quote><literal>; DROP DATABASE mysql;</literal></quote>.
             This is an extreme example, but large security leaks and
             data loss might occur as a result of hackers using similar
             techniques, if you do not prepare for them.
@@ -11879,6 +11880,12 @@
 
             <listitem>
               <para>
+                Ruby DBI: Use placeholders.
+              </para>
+            </listitem>
+
+            <listitem>
+              <para>
                 Java JDBC: Use a <literal>PreparedStatement</literal>
                 object and placeholders.
               </para>
@@ -11899,8 +11906,9 @@
             and ability to intercept it and use it for their own
             purposes. Instead, use an encrypted protocol such as SSL or
             SSH. MySQL supports internal SSL connections as of version
-            4.0.0. SSH port-forwarding can be used to create an
-            encrypted (and compressed) tunnel for the communication.
+            4.0. Another technique is to use SSH port-forwarding to
+            create an encrypted (and compressed) tunnel for the
+            communication.
           </para>
         </listitem>
 
@@ -11949,33 +11957,29 @@
         connection. Password handling during the client connection
         sequence was upgraded in MySQL 4.1.1 to be very secure. If you
         are still using pre-4.1.1-style passwords, the encryption
-        algorithm is not as strong as the newer algorithm; with some
-        effort a clever attacker who can sniff the traffic between the
+        algorithm is not as strong as the newer algorithmm With some
+        effort, a clever attacker who can sniff the traffic between the
         client and the server can crack the password. (See
         <xref linkend="password-hashing"/>, for a discussion of the
-        different password handling methods.) If the connection between
-        the client and the server goes through an untrusted network, you
-        should use an SSH tunnel to encrypt the communication.
+        different password handling methods.)
       </para>
 
       <para>
         All other information is transferred as text, and can be read by
-        anyone who is able to watch the connection. If you are concerned
-        about this, you can use the compressed protocol to make traffic
-        much more difficult to decipher. To make the connection even
-        more secure, you should use SSH to get an encrypted TCP/IP
-        connection between a MySQL server and a MySQL client. You can
-        find an Open Source SSH client at
+        anyone who is able to watch the connection. If the connection
+        between the client and the server goes through an untrusted
+        network, and you are concerned about this, you can use the
+        compressed protocol to make traffic much more difficult to
+        decipher. You can also use MySQL's internal SSL support to make
+        the connection even more secure. See
+        <xref linkend="secure-connections"/>. Alternatively, use SSH to
+        get an encrypted TCP/IP connection between a MySQL server and a
+        MySQL client. You can find an Open Source SSH client at
         <ulink url="http://www.openssh.org/"/>, and a commercial SSH
         client at <ulink url="http://www.ssh.com/"/>.
       </para>
 
       <para>
-        You can also use MySQL's internal OpenSSL support. See
-        <xref linkend="secure-connections"/>.
-      </para>
-
-      <para>
         To make a MySQL system secure, you should strongly consider the
         following suggestions:
       </para>
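Review bot: Typo in the added line "algorithm is not as strong as the newer algorithmm With some": "algorithmm" should be "algorithm." with the period that ends the sentence (the old text had a semicolon at that spot). As committed, the two sentences run together. If the same rewording was applied to the other refman copies listed in this commit, check them for the same slip.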
@@ -11984,34 +11988,23 @@
 
         <listitem>
           <para>
-            Use passwords for all MySQL users. A client program does not
-            necessarily know the identity of the person running it. It
-            is common for client/server applications that the user can
-            specify any username to the client program. For example,
-            anyone can use the <command>mysql</command> program to
-            connect as any other person simply by invoking it as
+            Require all MySQL accounts to have a password. A client
+            program does not necessarily know the identity of the person
+            running it. It is common for client/server applications that
+            the user can specify any username to the client program. For
+            example, anyone can use the <command>mysql</command> program
+            to connect as any other person simply by invoking it as
             <literal>mysql -u <replaceable>other_user</replaceable>
             <replaceable>db_name</replaceable></literal> if
             <replaceable>other_user</replaceable> has no password. If
-            all users have a password, connecting using another user's
+            all account have a password, connecting using another user's
             account becomes much more difficult.
           </para>
 
           <para>
-            To change the password for a user, use the <literal>SET
-            PASSWORD</literal> statement. It is also possible to update
-            the <literal>user</literal> table in the
-            <literal>mysql</literal> database directly. For example, to
-            change the password of all MySQL accounts that have a
-            username of <literal>root</literal>, do this:
+            For a discussion of methods for setting passwords, see
+            <xref linkend="passwords"/>.
           </para>
-
-<programlisting>
-shell&gt; <userinput>mysql -u root</userinput>
-mysql&gt; <userinput>UPDATE mysql.user SET Password=PASSWORD('<replaceable>newpwd</replaceable>')</userinput>
-    -&gt; <userinput>WHERE User='root';</userinput>
-mysql&gt; <userinput>FLUSH PRIVILEGES;</userinput>
-</programlisting>
         </listitem>
 
         <listitem>
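Review bot: Grammar slip in the added line "all account have a password": it should read "all accounts have a password". The hunk also removes the UPDATE mysql.user ... FLUSH PRIVILEGES example in favor of the cross reference to "passwords"; please confirm that section covers the direct-update method, including the need for FLUSH PRIVILEGES, so the instruction is not lost.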
@@ -12019,8 +12012,9 @@
             Never run the MySQL server as the Unix
             <literal>root</literal> user. This is extremely dangerous,
             because any user with the <literal>FILE</literal> privilege
-            is able to create files as <literal>root</literal> (for
-            example, <literal>~root/.bashrc</literal>). To prevent this,
+            is able to cause the server to create files as
+            <literal>root</literal> (for example,
+            <literal>~root/.bashrc</literal>). To prevent this,
             <command>mysqld</command> refuses to run as
             <literal>root</literal> unless that is specified explicitly
             using the <option>--user=root</option> option.
@@ -12033,11 +12027,10 @@
             everything even more secure. Use this account only for
             administering MySQL. To start <command>mysqld</command> as a
             different Unix user, add a <literal>user</literal> option
-            that specifies the username to the
+            that specifies the username in the
             <literal>[mysqld]</literal> group of the
-            <filename>/etc/my.cnf</filename> option file or the
-            <filename>my.cnf</filename> option file in the server's data
-            directory. For example:
+            <filename>my.cnf</filename> option file where you specify
+            server options. For example:
           </para>
 
 <programlisting>
@@ -12064,12 +12057,13 @@
 
         <listitem>
           <para>
-            Don't allow the use of symlinks to tables. (This can be
-            disabled with the <option>--skip-symbolic-links</option>
-            option.) This is especially important if you run
-            <command>mysqld</command> as <literal>root</literal>,
-            because anyone that has write access to the server's data
-            directory then could delete any file in the system! See
+            Do not allow the use of symlinks to tables. (This capability
+            can be disabled with the
+            <option>--skip-symbolic-links</option> option.) This is
+            especially important if you run <command>mysqld</command> as
+            <literal>root</literal>, because anyone that has write
+            access to the server's data directory then could delete any
+            file in the system! See
             <xref linkend="symbolic-links-to-tables"/>.
           </para>
         </listitem>
@@ -12084,14 +12078,15 @@
 
         <listitem>
           <para>
-            Don't grant the <literal>PROCESS</literal> or
+            Do not grant the <literal>PROCESS</literal> or
             <literal>SUPER</literal> privilege to non-administrative
             users. The output of <command>mysqladmin
-            processlist</command> shows the text of any statements
-            currently being executed, so any user who is allowed to
-            execute to run that command might be able to see whether
-            another user issues a statement such as <literal>UPDATE user
-            SET password=PASSWORD('not_secure')</literal>.
+            processlist</command> and <literal>SHOW
+            PROCESSLIST</literal> shows the text of any statements
+            currently being executed, so any user who is allowed to see
+            the server process list might be able to see whether another
+            user issues a statement such as <literal>UPDATE user SET
+            password=PASSWORD('not_secure')</literal>.
           </para>
 
           <para>
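Review bot: Subject-verb agreement in the added lines: with two subjects, "mysqladmin processlist" and "SHOW PROCESSLIST", the verb should be "show", not "shows" ("The output of ... and SHOW PROCESSLIST shows the text"). Alternatively reword to "Both mysqladmin processlist and SHOW PROCESSLIST display the text of any statements currently being executed".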
@@ -12112,7 +12107,7 @@
 
         <listitem>
           <para>
-            Don't grant the <literal>FILE</literal> privilege to
+            Do not grant the <literal>FILE</literal> privilege to
             non-administrative users. Any user that has this privilege
             can write a file anywhere in the filesystem with the
             privileges of the <command>mysqld</command> daemon! To make
@@ -12242,9 +12237,9 @@
           </para>
 
           <para>
-            If this is enabled, a user cannot create new users by using
-            the <literal>GRANT</literal> statement unless the user has
-            the <literal>INSERT</literal> privilege for the
+            If this option is enabled, a user cannot create new MySQL
+            users by using the <literal>GRANT</literal> statement unless
+            the user has the <literal>INSERT</literal> privilege for the
             <literal>mysql.user</literal> table. If you want a user to
             have the ability to create new users that have those
             privileges that the user has right to grant, you should
@@ -12318,7 +12313,7 @@
           </para>
 
           <para>
-            Don't allow TCP/IP connections over the network. All
+            Do not allow TCP/IP connections over the network. All
             connections to <command>mysqld</command> must be made via
             Unix socket files.
           </para>
@@ -12385,8 +12380,8 @@
             process has read access to (assuming that a user could run
             any command against the SQL server). In this environment,
             the client with respect to the MySQL server actually is the
-            Web server, not the program being run by the user connecting
-            to the Web server.
+            Web server, not the remote program being run by the user who
+            connects to the Web server.
           </para>
         </listitem>
 
@@ -12411,11 +12406,11 @@
 
         <listitem>
           <para>
-            If you build MySQL from source but don't use the
-            <option>--enable-local-infile</option> option to
-            <command>configure</command>, <literal>LOAD DATA
-            LOCAL</literal> cannot be used by any client unless it is
-            written explicitly to invoke <literal>mysql_options(...
+            If you build MySQL from source but do not invoke
+            <command>configure</command> with the
+            <option>--enable-local-infile</option> option, <literal>LOAD
+            DATA LOCAL</literal> cannot be used by any client unless it
+            is written explicitly to invoke <literal>mysql_options(...
             MYSQL_OPT_LOCAL_INFILE, 0)</literal>. See
             <xref linkend="mysql-options"/>.
           </para>
@@ -12614,7 +12609,7 @@
 
     <para>
       MySQL has an advanced but non-standard security and privilege
-      system. This section describes how it works.
+      system. The following discussion describes how it works.
     </para>
 
     <section id="what-privileges">
@@ -12637,7 +12632,7 @@
 
       <para>
         The primary function of the MySQL privilege system is to
-        authenticate a user connecting from a given host, and to
+        authenticate a user who connects from a given host and to
         associate that user with privileges on a database such as
         <literal>SELECT</literal>, <literal>INSERT</literal>,
         <literal>UPDATE</literal>, and <literal>DELETE</literal>.
