1, Production Environment Program account permissions must be categorized:
– Read and write accounts, and read/write separation
–DDL Account
– Accounts with special privileges, such as replication client,show databases, etc.
– Monitor and manage program accounts
2, an account corresponding to a database module, and the account name must contain the module name (when the vertical split, view traffic)
3, prohibit the developer directly SSH into the DBA machine, prohibit the program account has file, super and other high-risk permissions
4. The program is prohibited from using load data and is replaced with the load data local. If no load data is required, turn off the--local-infile option for the server.
5, Temporary account contains "TMP", Offline account contains "offline" and other recognizable words
6, the same cluster within the synchronization account and password must be unified
7, new account, authorization permission, change password must use the GRANT statement
8. Revoke permission must use REVOKE or drop USER statement
9. Database parameter old_passwords must be set to OFF
Most of the databases used by internet companies areMySQL's, want a lot ofIT workers stand out from the need for advanced technology, learning to add value is essential. The way of learning is your insistence. Old boy EducationMySQL DBA Course, updated course,eliminate the theory, the whole enterprise real case combined with theoretical teaching, want to learn deeplyMySQL DBAknowledge, can pay attention to the education of older boys.
How do I improve MySQL security?