Improving the security of MySQL database (1)

Talk about how to improve the security of the MySQL database from the perspective of the operating system

If you are running an operating system similar to UNIX, then running the MySQL server (mysqld) as a root user is A very bad idea. Because this may give a MySQL ordinary user permission to read and write files anywhere in the operating system. This is very important, but easily overlooked, and is a well-known method used to attack Apache websites. (Thankfully, the "white hat" hackers who attacked the site were good guys, and the only action they took was to tighten security).

It is a good idea to create a specific MySQL user specifically for running mysqld. In addition, you can create directories (where physical data is stored) that can only be accessed by the MySQL user. In many installation methods, the server is set up to run the server as the user whose userid is mysql in the MySQL group

However, a more ideal approach is to set up the MySQL server behind a firewall. In this way, the MySQL server can terminate connections from unauthorized machines; check whether you can connect to MySQL from outside the server on port number 3306. This is the default port that MySQL runs on, and it can be closed in the firewall.

It is not a good solution to set up security only from the perspective of MYSQL itself, because the website software system is an integration of multiple systems. After the system is integrated, problems with other software will cause MYSQL problems. Uncertainty increases. Only by having a good understanding of the relevant integrated systems can we do a good job of security for the entire website system.

##Protect MYSQL database security from the perspective of network and software:

Configure the firewall: start the operating system firewall or a professional firewall to prohibit the default connection port 3306 of MYSQL on this server. Try to use one IP address for the management database. This allows you to authorize this IP to access and prohibit other IPs from accessing.

2. Run apache with reduced rights:
It is a good suggestion to establish a user with normal permissions to run apache as a service. In this case, you must also set the relevant directory permissions. For detailed steps, please refer to the article How to set directory permissions in dedeCMS.

The above is the detailed content of Improving the security of MySQL database (1). For more information, please follow other related articles on the PHP Chinese website!