How to build a secure MySQL database

We all know that security is very important, in the use of MySQL security problem is all we must pay attention to. Here are the MySQL database tips are worth our attention 23 things, if you are the MySQL database crazy family, you can browse the following articles.

1. If the client and server connections need to cross and pass through untrusted networks, then SSH tunneling is required to encrypt the connection's traffic.

2. Use the Set Password statement to modify the user's password, three steps, first "MySQL (and PHP collocation of the best combination)-u root" Login database system, and then "MySQL (and PHP collocation of the best combination) > Update MySQL ( The best combination with PHP). User set Password=password (' Newpwd '), and finally execute "flush privileges".

3. Attacks that need to be guarded against eavesdropping, tampering, replay, denial of service, etc., do not involve availability and fault tolerance. All connections, queries, and other operations are done using MySQL security measures based on ACLs, which are access control lists. There are also some support for SSL connections.

4. Any user other than the root user is not allowed to access the user table in the main database of MySQL (and the best combination of PHP);

Once the encrypted user password is stored in the user table after the encryption, the other person can freely use the corresponding database of the username/password;

5. Use GRANT and REVOKE statements to perform user access control work;

6. Instead of using plaintext passwords, use a one-way, MD5 () and SHA1 () function to set the password;

7. Do not use the word in the dictionary to do the password;

8. Use a firewall to remove the 50% external risk, let the database system behind the firewall to work, or placed in the DMZ area;

9. Using Nmap to scan 3306 ports from the Internet, can also use Telnet server_host 3306 method test, can not be allowed to access the database server TCP port No. 3306 from the non-trusted network, so need to be set up on the firewall or router;

10. In order to prevent the malicious passing of illegal parameters, such as where id=234, others but input where id=234 or 1=1 cause the full display, so in the Web Form using "or" to use the string, in the dynamic URL to add the%22 for double quotes,% 23 for the pound,% 27 represents single quotes; passing unchecked values to MySQL (and the best combination of PHP) database is very dangerous;

11. Check the size when passing data to MySQL (the best combination with PHP);

12. The application needs to connect to the database should use a normal user account, only open a few necessary permissions to the user;

13. Use a specific ' escape character ' function in each programming interface (c C + + PHP Perl Java jdbc, etc.);

The use of MySQL (and PHP collocation of the best combination) database on the Internet must be less used to transmit plaintext data, and the use of SSL and SSH encryption data transmission;

14. Learn to use the tcpdump and strings tools to view MySQL security for transmitted data, such as Tcpdump-l-I eth0-w-src or DST Port 3306 | Strings Start MySQL (and PHP collocation) database service with normal users;

15. Do not use the junction symbol to the table, the choice of parameters--skip-symbolic-links;

16. Make sure that only users who start the database service in MySQL (and the best combination of PHP) can have read and write access to the file;

17. Do not pay the process or super permissions to non-administrative users, the MySQL (and PHP collocation of the best combination) Admin processlist can enumerate the current execution of the query text; Super permissions can be used to cut off client connections, change server operating parameter status, The server that controls the copy copy database;

18.file permissions do not pay to users other than the administrator, to prevent the load data '/etc/passwd ' to the table and then use select display problems;

19. If you do not trust the services of the DNS service company, you can only set the IP numeric address in the Host name allow table;

20. Use the max_user_connections variable to make MySQL (the best combination with PHP) d service process, limit the number of connections to a specified account;

The 21.grant statement also supports resource control options;

22. Start MySQL (and PHP collocation of the best combination) d service process MySQL security option switch,--local-infile=0 or 1 if 0 the client program will not be able to use the local load data, an example of empowering the grant insert ( User) on MySQL (and the best combination of PHP collocation). User to ' user_name ' @ ' host_name ';

If using the--skip-grant-tables system will not make any access control to any user's access, but can use MySQL (and PHP collocation of the best combination) admin flush-privileges or MySQL (and PHP collocation of the best combination) admin Reload to turn on access control; By default, the show databases statement is open to all users and can be closed with--skip-show-databases.

23. When you encounter error 1045 (28000) Access Denied for user ' root ' @ ' localhost ' (Using password:no) errors, you need to reset the password by: Start MySQL with the--skip-grant-tables parameter (the best combination of PHP collocation) d, and then execute MySQL (and PHP collocation of the best combination)-u root mysql (and php collocation of the best combination).

MySQL (the best combination of PHP collocation) >update user set Password=password (' NewPassword ') where user= ' root '; MySQL (and PHP collocation of the best combination) >flush privileges, and finally restart MySQL (and PHP collocation of the best combination) will be.

For more information, please contact Ding Feng Hu Jiashong
qq.2881064155
skype.live:2881064155

How to build a secure MySQL database