Home > Backend Development > PHP Tutorial > How to make MySQL secure against decryption masters_PHP Tutorial

How to make MySQL secure against decryption masters_PHP Tutorial

WBOY
Release: 2016-07-13 17:01:51
Original
757 people have browsed it

When you connect to a MySQL server, you should usually use a password. Passwords are not transmitted over the connection in clear text.

All other information is transmitted as text that can be read by anyone. If you're worried about this, you can use the compression protocol (MySQL 3.22 and above) to make things harder. Even to make everything more secure, you should install ssh (see http://www.cs.hut.fi/ssh). Using it, you can get an encrypted TCP/IP connection between a MySQL server and a MySQL client.

In order to make a MySQL system secure, you are urged to consider the following recommendations:
Use passwords for all MySQL users. Remember, if other_user does not have a password, anyone can log in as anyone else simply with mysql -u other_user db_name. For client/server applications, it is common practice for the client to specify any username. Before you run it, you can change the passwords for all users, or just the MySQL root password, by editing the mysql_install_db script, like this:
shell> mysql -u root mysql
mysql> UPDATE user SET Password=PASSWORD( 'new_password')
WHERE user='root';
mysql> FLUSH PRIVILEGES;
Do not run the MySQL daemon as the root user on Unix. mysqld can run as any user, you can also create a new Unix user mysql to make everything more secure. If you are running mysqld as another Unix user, you do not need to change the root username in the user table, because the MySQL username has nothing to do with the Unix username. You can edit the mysql.server startup script mysqld as another Unix user. Usually this is done with the su command. For more details, see 18.8 How to run MySQL as a normal user.

If you put a Unix root user password in the mysql.server script, make sure that the script is readable only by root.

Check that the Unix user running mysqld is the only user with read/write permissions in the database directory.

Do not give process permissions to all users. The output of mysqladmin processlist displays the text of the currently executed query. If another user issues an UPDATE user SET password=PASSWORD('not_secure') query, any user allowed to execute that command may see it. mysqld reserves an extra connection for users with process privileges so that a MySQL root user can log in and check even if all normal connections are in use.

Do not give file permissions to all users.

Any user with this permission can write a file in the file system with mysqld daemon permissions! To make this safer, all files generated with SELECT ... INTO OUTFILE are readable by everyone, and you cannot overwrite existing files.

The file permission can also be used to read any file accessible as the Unix user running the server. This can be abused, for example, by using LOAD DATA to load "/etc/passwd" into a database table, which can then be read in using SELECT.

If you don't trust your DNS, you should use IP numbers instead of hostnames in authorization tables. In principle, the --secure option to mysqld should make the hostname more secure. In any case, you should be very careful about using hostnames that contain wildcards.


www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/631110.htmlTechArticleWhen you connect to a MySQL server, you should usually use a password. Passwords are not transmitted over the connection in clear text. All other information is transmitted as text that can be read by anyone. Such as...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template