Introduction to the MySQL Parameter log_bin_trust_function_creators

 

MySQL has a parameter named log_bin_trust_function_creators. The official documentation describes and explains it as follows:

 

 

log_bin_trust_function_creators

Command-Line Format: --log-bin-trust-function-creators

System Variable Name: log_bin_trust_function_creators

Variable Scope: Global

Dynamic Variable: Yes

Permitted Values Type: boolean

Permitted Values Default: FALSE

 

 

This variable applies when binary logging is enabled. It controls whether stored function creators can be trusted not to create stored functions that will cause unsafe events to be written to the binary log. If set to 0 (the default), users are not permitted to create or alter stored functions unless they have the SUPER privilege in addition to the CREATE ROUTINE or ALTER ROUTINE privilege. A setting of 0 also enforces the restriction that a function must be declared with the DETERMINISTIC characteristic, or with the READS SQL DATA or NO SQL characteristic. If the variable is set to 1, MySQL does not enforce these restrictions on stored function creation. This variable also applies to trigger creation. See Section 23.7, "Binary Logging of Stored Programs".

 

 

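In short: once binary logging is enabled, this variable takes effect. It controls whether stored function creators can be trusted not to create stored functions that cause unsafe events to be written to the binary log. If it is set to 0 (the default), users may not create or alter stored functions unless they hold the SUPER privilege in addition to the CREATE ROUTINE or ALTER ROUTINE privilege. A setting of 0 also enforces the restriction that a function must be declared with the DETERMINISTIC characteristic, or with the READS SQL DATA or NO SQL characteristic. If the variable is set to 1, MySQL does not enforce these restrictions on stored function creation. This variable also applies to trigger creation. See Section 23.7, Binary Logging of Stored Programs.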

 

Let's test this. With binary logging enabled, if the variable log_bin_trust_function_creators is OFF, creating or altering a stored function fails with ERROR 1418 (HY000): This function has none of DETERMINISTIC, NO SQL, or READS SQL DATA in its declaration and binary logging is enabled (you *might* want to use the less safe log_bin_trust_function_creators variable), as shown below:

 

mysql> show variables like 'log_bin';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| log_bin       | ON    |
+---------------+-------+
1 row in set (0.00 sec)
 
mysql>  show variables like '%log_bin_trust_function_creators%';
+---------------------------------+-------+
| Variable_name                   | Value |
+---------------------------------+-------+
| log_bin_trust_function_creators | OFF   |
+---------------------------------+-------+
1 row in set (0.00 sec)
 
mysql> 
mysql> DELIMITER //
mysql> CREATE FUNCTION GET_UPPER_NAME(emp_id INT)
    -> RETURNS VARCHAR(12)
    -> BEGIN
    ->   RETURN(SELECT UPPER(NAME) FROM TEST WHERE ID=emp_id);
    -> END
    -> //
ERROR 1418 (HY000): This function has none of DETERMINISTIC, NO SQL, or READS SQL DATA in its declaration and binary logging is enabled (you *might* want to use the less safe log_bin_trust_function_creators variable)
mysql> 

 

The same error also occurs when calling a stored function, as the following test shows:

 

 

mysql> DELIMITER ;
mysql> set global log_bin_trust_function_creators=1;
Query OK, 0 rows affected (0.00 sec)
 
mysql> DELIMITER //
mysql> CREATE FUNCTION GET_UPPER_NAME(emp_id INT)
    -> RETURNS VARCHAR(12)
    -> BEGIN
    ->   RETURN(SELECT UPPER(NAME) FROM TEST WHERE ID=emp_id);
    -> END
    -> //
Query OK, 0 rows affected (0.00 sec)
 
mysql> SELECT ID,
    ->        GET_UPPER_NAME(ID)
    -> FROM TEST;
    -> //
+------+--------------------+
| ID   | GET_UPPER_NAME(ID) |
+------+--------------------+
|  100 | KERRY              |
|  101 | JIMMY              |
+------+--------------------+
2 rows in set (0.00 sec)
 
mysql> DELIMITER ;
mysql> set global log_bin_trust_function_creators=0;
Query OK, 0 rows affected (0.00 sec)
 
mysql> SELECT ID,
    ->        GET_UPPER_NAME(ID)
    -> FROM TEST;
ERROR 1418 (HY000): This function has none of DETERMINISTIC, NO SQL, or READS SQL DATA in its declaration and binary logging is enabled (you *might* want to use the less safe log_bin_trust_function_creators variable)
mysql> 

 


 

 

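So why does MySQL impose this restriction? Because an important use of the binary log is master-slave replication, and stored functions can cause the data on the master and the slave to become inconsistent. So once binary logging is enabled, the parameter log_bin_trust_function_creators takes effect and restricts the creation, alteration, and invocation of stored functions. How do we resolve this problem? The official documentation explains it as follows; for details, see 23.7 Binary Logging of Stored Programs.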

 

 

If you do not want to require function creators to have the SUPER privilege (for example, if all users with the CREATE ROUTINE privilege on your system are experienced application developers), set the global log_bin_trust_function_creators system variable to 1. You can also set this variable by using the --log-bin-trust-function-creators=1 option when starting the server. If binary logging is not enabled, log_bin_trust_function_creators does not apply. SUPER is not required for function creation unless, as described previously, the DEFINER value in the function definition requires it.

 

If a function that performs updates is nondeterministic, it is not repeatable. This can have two undesirable effects:

        

· It will make a slave different from the master.

· Restored data will be different from the original data.

To deal with these problems, MySQL enforces the following requirement: On a master server, creation and alteration of a function is refused unless you declare the function to be deterministic or to not modify data. Two sets of function characteristics apply here:

      

· The DETERMINISTIC and NOT DETERMINISTIC characteristics indicate whether a function always produces the same result for given inputs. The default is NOT DETERMINISTIC if neither characteristic is given. To declare that a function is deterministic, you must specify DETERMINISTIC explicitly.

· The CONTAINS SQL, NO SQL, READS SQL DATA, and MODIFIES SQL DATA characteristics provide information about whether the function reads or writes data. Either NO SQL or READS SQL DATA indicates that a function does not change data, but you must specify one of these explicitly because the default is CONTAINS SQL if no characteristic is given.

 

1: If the database does not use master-slave replication, you can set the parameter log_bin_trust_function_creators to 1.

 

mysql> set global log_bin_trust_function_creators=1;

 

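A setting made dynamically this way is lost when the service restarts, so we must also set it in my.cnf by adding log_bin_trust_function_creators=1; that makes it take effect permanently.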

 

 

 

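2: Explicitly declare the function's type. If binary logging is enabled, we must specify a characteristic for our function. Of the characteristic types listed below, only DETERMINISTIC, NO SQL, and READS SQL DATA are supported. Declaring one of them amounts to explicitly telling the MySQL server that this function will not modify data.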

 

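1 DETERMINISTIC: deterministic

2 NO SQL: contains no SQL statements, and of course does not modify data

3 READS SQL DATA: only reads data, and of course does not modify data

4 MODIFIES SQL DATA: modifies data

5 CONTAINS SQL: contains SQL statements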

 

mysql> show variables like 'log_bin_trust_function_creators';
+---------------------------------+-------+
| Variable_name                   | Value |
+---------------------------------+-------+
| log_bin_trust_function_creators | OFF   |
+---------------------------------+-------+
1 row in set (0.00 sec)
 
mysql> DROP FUNCTION GET_UPPER_NAME;
Query OK, 0 rows affected (0.00 sec)
 
mysql> DELIMITER //
mysql> CREATE FUNCTION GET_UPPER_NAME(emp_id INT)
    -> RETURNS VARCHAR(12)
    -> READS SQL DATA
    -> BEGIN
    ->   RETURN(SELECT UPPER(NAME) FROM TEST WHERE ID=emp_id);
    -> END
    -> //
Query OK, 0 rows affected (0.01 sec)
 
mysql> DELIMITER ;
mysql> SELECT ID,
    ->        GET_UPPER_NAME(ID)
    -> FROM TEST;
+------+--------------------+
| ID   | GET_UPPER_NAME(ID) |
+------+--------------------+
|  100 | KERRY              |
|  101 | JIMMY              |
+------+--------------------+
2 rows in set (0.00 sec)
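
A read-only audit to run before choosing between the two fixes above: it lists the functions that lack a safe declaration and the accounts that would gain function-creation rights if the variable were set to 1. This is an added example, not from the original post or the MySQL manual; it uses only information_schema tables and assumes the account running it can see routine and privilege metadata.

```sql
-- Added audit example: read-only queries, nothing is modified.

-- 1. Current state. The restriction only applies when log_bin is ON.
SELECT @@GLOBAL.log_bin                         AS log_bin,
       @@GLOBAL.log_bin_trust_function_creators AS trust_function_creators;

-- 2. Stored functions declared with none of DETERMINISTIC, NO SQL or
--    READS SQL DATA. These are the functions that raise ERROR 1418 in the
--    tests above when the variable is 0, and the candidates for fix 2
--    (an explicit characteristic) after reviewing what each one does.
SELECT ROUTINE_SCHEMA,
       ROUTINE_NAME,
       DEFINER,
       SECURITY_TYPE,
       IS_DETERMINISTIC,
       SQL_DATA_ACCESS,
       CREATED,
       LAST_ALTERED
FROM   information_schema.ROUTINES
WHERE  ROUTINE_TYPE = 'FUNCTION'
  AND  IS_DETERMINISTIC = 'NO'
  AND  SQL_DATA_ACCESS NOT IN ('NO SQL', 'READS SQL DATA')
  AND  ROUTINE_SCHEMA NOT IN
       ('mysql', 'sys', 'information_schema', 'performance_schema')
ORDER  BY ROUTINE_SCHEMA, ROUTINE_NAME;

-- 3. Accounts holding CREATE ROUTINE or ALTER ROUTINE globally but not
--    SUPER. With the variable at 0 they cannot create or alter functions
--    while binary logging is on; with it at 1 they can.
SELECT GRANTEE, PRIVILEGE_TYPE
FROM   information_schema.USER_PRIVILEGES
WHERE  PRIVILEGE_TYPE IN ('CREATE ROUTINE', 'ALTER ROUTINE')
  AND  GRANTEE NOT IN (SELECT GRANTEE
                       FROM   information_schema.USER_PRIVILEGES
                       WHERE  PRIVILEGE_TYPE = 'SUPER')
ORDER  BY GRANTEE, PRIVILEGE_TYPE;

-- 4. The same privileges granted per schema rather than globally.
SELECT GRANTEE, TABLE_SCHEMA, PRIVILEGE_TYPE
FROM   information_schema.SCHEMA_PRIVILEGES
WHERE  PRIVILEGE_TYPE IN ('CREATE ROUTINE', 'ALTER ROUTINE')
  AND  GRANTEE NOT IN (SELECT GRANTEE
                       FROM   information_schema.USER_PRIVILEGES
                       WHERE  PRIVILEGE_TYPE = 'SUPER')
ORDER  BY GRANTEE, TABLE_SCHEMA, PRIVILEGE_TYPE;
```

An empty result from query 2 means every existing function already carries an explicit characteristic, so the variable can stay at 0 without breaking calls.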

 
