Home > Database > Mysql Tutorial > mysql 数据库管理中的安全问题(一)

mysql 数据库管理中的安全问题(一)

WBOY
Release: 2016-06-07 15:07:39
Original
1187 people have browsed it

从网上看到一些帖子,面试者被问到如何认识mysql数据库的安全问题。很多安全问题都是由于对账号管理不妥当造成的。 1 删除匿名账号 在mysql版本中,安装完mysql后,默认会有一个匿名账号,只有执行mysql命令就能登录上去。如下: 直接执行mysql 登录上数据库

   从网上看到一些帖子,面试者被问到如何认识mysql数据库的安全问题。很多安全问题都是由于对账号管理不妥当造成的。

  1 删除匿名账号

           在mysql版本中,安装完mysql后,默认会有一个匿名账号,只有执行mysql命令就能登录上去。如下:

直接执行mysql 登录上数据库,进入test数据库下

 [xkyx80@localhost ~]$ mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 488
Server version: 5.5.20-log Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |
+--------------------+
2 rows in set (0.00 sec)

mysql> ues test;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ues test' at line 1
mysql> use test;
Database changed
mysql> show tables;
+-------------------+
| Tables_in_test    |
+-------------------+
| gonghui2          |
| item              |
| site              |
| tbl_ad_monitor_ip |
| test              |
| test2             |
| test_             |
| test_level        |
| tx                |
+-------------------+
9 rows in set (0.00 sec)

那么它具有的权限呢 ?   现在查看一下mysql下user用户表

mysql> select user();
+----------------+
| user()         |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec)

mysql> select * from mysql.user \G;

                  Host: localhost.localdomain
                  User:
              Password:
           Select_priv: N
           Insert_priv: N
           Update_priv: N
           Delete_priv: N
           Create_priv: N
             Drop_priv: N
           Reload_priv: N
         Shutdown_priv: N
          Process_priv: N
             File_priv: N
            Grant_priv: N
       References_priv: N
            Index_priv: N
            Alter_priv: N
          Show_db_priv: N
            Super_priv: N
 Create_tmp_table_priv: N
      Lock_tables_priv: N
          Execute_priv: N
       Repl_slave_priv: N
      Repl_client_priv: N
      Create_view_priv: N
        Show_view_priv: N
   Create_routine_priv: N
    Alter_routine_priv: N
      Create_user_priv: N
            Event_priv: N
          Trigger_priv: N
Create_tablespace_priv: N
              ssl_type:
            ssl_cipher:
           x509_issuer:
          x509_subject:
         max_questions: 0
           max_updates: 0
       max_connections: 0
  max_user_connections: 0
                plugin:
 authentication_string: NULL

这样普通用户即可登录mysql ,建大表等操作,建议删掉此账号,或者给此账号加密码。

2 给root账号设置口令

  mysql 安装完毕,要给root 账号设定口令

 [xkyx80@localhost ~]$ mysql -uroot
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 490
Server version: 5.5.20-log Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> set password=password('密码');

3 设置安全的密码

      1 密码设置的尽量复杂,带有字母、数字、特殊字符等

      2 使用上保证安全,不被窃取,在登陆mysql时,使用交互式登陆方式,手动输入密码比较安全。

4  只赋予账号必须的权限,只需要增删改查,那就只赋予 select、update、insert、delete权限 ,权限赋予具体化,对用户赋予 all privilege权限是危险的。


     from : 读书笔记 深入浅出mysql

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template