MySQL Security settings

With MySQL, security issues cannot be noticed. Here are 23 things to note about MySQL tips:

1. If the client and server-side connections need to cross over and pass through an untrusted network, you need to use an SSH tunnel to encrypt the communication for that connection.

2. Use the Set Password statement to modify the user's password, three steps, first "Mysql-u root" log into the database system, and then "mysql> Update Mysql.user set Password=password (' Newpwd ') , and finally execute the "flush privileges" on it.

3. Attacks that need to be guarded against eavesdropping, tampering, playback, denial of service, etc., do not involve availability and fault tolerance. All connections, queries, and other operations are performed using security methods based on ACLs, which are access control lists. There are also some support for SSL connections.

4. Any user other than the root user is not allowed access to the user table in the MySQL master database;

Once the encrypted user password is encrypted and stored in the user table, the other person can use the corresponding database of the username/password as soon as it is compromised;

5. Use GRANT and REVOKE statements to conduct user access control work;

6. Do not use plaintext password, but use MD5 () and SHA1 () and other one-way HA functions to set the password;

7. Do not use the word in the dictionary to do the password;

8. The use of firewalls to remove 50% of the external danger, so that the database system behind the firewall to work, or placed in the DMZ area;

9. Using Nmap to scan 3306 ports from the Internet, you can also use Telnet server_host 3306 method test to allow access to the No. 3306 TCP port of the database server from untrusted networks, so you need to set up on a firewall or router;

10. In order to prevent malicious entry of illegal parameters, such as where id=234, others enter where id=234 or 1=1 cause all to be displayed, so use ' or ' in a Web form to use a string, add%22 in a dynamic URL to represent double quotes,% 23 for the number of wells,% 27 represents single quotes; passing unchecked values to the MySQL database is very dangerous;

11. Check the size when passing data to MySQL;

12. Applications need to connect to the database should use a general user account, only open a few necessary permissions to the user;