Home Database Mysql Tutorial Mysql security precautions

Mysql security precautions

Dec 16, 2016 am 11:25 AM

When using MySQL, security issues cannot be ignored. The following are 23 notes from MySQL:

 1. If the connection between the client and the server needs to span and pass through an untrusted network, then you need to use an SSH tunnel to encrypt the communication of the connection.

  2. Use the set passWord statement to change the user's password. Three steps. First log in to the database system with "mysql -u root", then "mysql> update mysql.user set password=password('newpwd')", and finally execute Just “flush PRivileges”.

  3. Attacks that need to be guarded against include anti-eavesdropping, tampering, replay, denial of service, etc., which do not involve availability and fault tolerance. All connections, queries, and other operations are completed using security measures based on ACL (access control list). There is also some support for SSL connections.

 4. Any other user except the root user is not allowed to access the user table in the mysql main database;

 Once the encrypted user password stored in the user table is leaked, others can use the user name at will/ Database corresponding to the password; 5. Use grant and revoke statements to perform user access control work; 6. Do not use plain text passwords, but use one-way hash functions such as md5() and sha1() to set them Password;

 7. Do not use words in the dictionary as passwords;

 8. Use firewalls to remove 50% of external risks, and let the database system work behind the firewall, or place it in the DMZ zone;

 9. Use nmap to scan port 3306 from the Internet, or use telnet server_host 3306 to test. Access to TCP port 3306 of the database server from an untrusted network is not allowed, so settings need to be made on the firewall or router;

 10. In order to prevent illegal parameters from being maliciously passed in, such as where ID=234, but others enter where ID=234 OR 1=1, causing all to be displayed, so use '' or "" to use strings in the web form, and use strings in the dynamic URL Adding %22 represents double quotes, %23 represents pound sign, and %27 represents single quotes; it is very dangerous to pass unchecked values ​​to the mysql database;

 11. Check the size when passing data to mysql;

12. Applications that need to connect to the database should use a general user account, and only open a few necessary permissions to the user; 13. Use specific 'escape character' functions in various programming interfaces (C C++ php Perl java JDBC, etc.) ;

  When using mysql database on the Internet, be sure not to transmit plain text data, and use SSL and SSH encryption to transmit data;

  14. Learn to use tcpdump and strings tools to check the security of transmitted data, such as tcpdump -l -i eth0 -w -src or dst port 3306   strings. Start the mysql database service as an ordinary user;

 15. Do not use the link symbol of the table, select the parameter --skip-symbolic-links; 16. Make sure that only the user who starts the database service in the mysql directory can access the database service. The file has read and write permissions;

 17. Process or super permissions are not allowed to be given to non-administrative users. The mysqladmin processlist can list the currently executed query text; super permissions can be used to cut off client connections and change the status of server operating parameters. , control the server that copies and replicates the database;

  18. File permissions are not given to users other than administrators to prevent the problem of loading data '/etc/passwd' into the table and then using select to display it;

  19. If not If you believe in the service of the DNS service company, you can only set the IP numeric address in the host name permission table;

 20. Use the max_user_connections variable to make the mysqld service process limit the number of connections for a specified account;

 21. The grant statement also supports resources Control options;

 22. Start the security option switch of the mysqld service process, --local-infile=0 or 1. If it is 0, the client program cannot use local load data. An example of grant grant insert(user) on mysql.user to 'user_name'@'host_name'; If you use --skip-grant-tables, the system will not perform any access control on any user's access, but you can use mysqladmin flush-privileges or mysqladmin reload to enable access control; default The situation is that the show databases statement is open to all users and can be turned off with --skip-show-databases.

 23. When encountering Error 1045 (28000) access Denied for user 'root'@'localhost' (Using password:NO), you need to reset the password. The specific method is: first use --skip-grant-tables Start mysqld with the parameters, then execute mysql -u root mysql,mysql>update user set password=password('newpassword') where user='root';mysql>Flush privileges;, and finally restart mysql.

The above is the content of Mysql security precautions. For more related articles, please pay attention to the PHP Chinese website (www.php.cn)!

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

PHP's big data structure processing skills PHP's big data structure processing skills May 08, 2024 am 10:24 AM

Big data structure processing skills: Chunking: Break down the data set and process it in chunks to reduce memory consumption. Generator: Generate data items one by one without loading the entire data set, suitable for unlimited data sets. Streaming: Read files or query results line by line, suitable for large files or remote data. External storage: For very large data sets, store the data in a database or NoSQL.

How to optimize MySQL query performance in PHP? How to optimize MySQL query performance in PHP? Jun 03, 2024 pm 08:11 PM

MySQL query performance can be optimized by building indexes that reduce lookup time from linear complexity to logarithmic complexity. Use PreparedStatements to prevent SQL injection and improve query performance. Limit query results and reduce the amount of data processed by the server. Optimize join queries, including using appropriate join types, creating indexes, and considering using subqueries. Analyze queries to identify bottlenecks; use caching to reduce database load; optimize PHP code to minimize overhead.

How to use MySQL backup and restore in PHP? How to use MySQL backup and restore in PHP? Jun 03, 2024 pm 12:19 PM

Backing up and restoring a MySQL database in PHP can be achieved by following these steps: Back up the database: Use the mysqldump command to dump the database into a SQL file. Restore database: Use the mysql command to restore the database from SQL files.

How to insert data into a MySQL table using PHP? How to insert data into a MySQL table using PHP? Jun 02, 2024 pm 02:26 PM

How to insert data into MySQL table? Connect to the database: Use mysqli to establish a connection to the database. Prepare the SQL query: Write an INSERT statement to specify the columns and values ​​to be inserted. Execute query: Use the query() method to execute the insertion query. If successful, a confirmation message will be output.

How to fix mysql_native_password not loaded errors on MySQL 8.4 How to fix mysql_native_password not loaded errors on MySQL 8.4 Dec 09, 2024 am 11:42 AM

One of the major changes introduced in MySQL 8.4 (the latest LTS release as of 2024) is that the "MySQL Native Password" plugin is no longer enabled by default. Further, MySQL 9.0 removes this plugin completely. This change affects PHP and other app

How to use MySQL stored procedures in PHP? How to use MySQL stored procedures in PHP? Jun 02, 2024 pm 02:13 PM

To use MySQL stored procedures in PHP: Use PDO or the MySQLi extension to connect to a MySQL database. Prepare the statement to call the stored procedure. Execute the stored procedure. Process the result set (if the stored procedure returns results). Close the database connection.

How to create a MySQL table using PHP? How to create a MySQL table using PHP? Jun 04, 2024 pm 01:57 PM

Creating a MySQL table using PHP requires the following steps: Connect to the database. Create the database if it does not exist. Select a database. Create table. Execute the query. Close the connection.

The difference between oracle database and mysql The difference between oracle database and mysql May 10, 2024 am 01:54 AM

Oracle database and MySQL are both databases based on the relational model, but Oracle is superior in terms of compatibility, scalability, data types and security; while MySQL focuses on speed and flexibility and is more suitable for small to medium-sized data sets. . ① Oracle provides a wide range of data types, ② provides advanced security features, ③ is suitable for enterprise-level applications; ① MySQL supports NoSQL data types, ② has fewer security measures, and ③ is suitable for small to medium-sized applications.

See all articles