Mysql Security Settings

UseMySQL,SecurityThe problem cannot be ignored. Note:

1. If the connection between the client and the server needs to span and pass through an untrusted network, you need to use an SSH tunnel to encrypt the communication of the connection.

2. use the set password statement to modify the user's password. In three steps, first "mysql-u root" is logged into the database system, and then "mysql> update mysql. user set password = password ('newpwd') ", and then execute" flush privileges.

3. Attacks that need to be prevented include eavesdropping, tampering, playback, and denial of service. They do not involve availability or fault tolerance. Use ACL-based access control lists for all connections, queries, and other operations. There are also some support for SSL connections.

4. No user except the root user is allowed to access the user table in the mysql primary database;

Once the encrypted user password stored in the user table is disclosed, other users can use the user name/password-related database at will;

5. Use the grant and revoke statements for user access control;

6. Do not use the plaintext password, but use md5 () and sha1 () to set the password;

7. Do not use words in the dictionary as the password;

8. Use a firewall to remove 50% of external risks, so that the database system can work behind the firewall or be placed in the DMZ area;

9. you can use nmap to scan port 3306 over the Internet. You can also use telnet server_host 3306 to test the function. You cannot access port 3306 of the database server from a untrusted network, therefore, you need to configure the firewall or vro;

10. to prevent malicious input of illegal parameters, for example, where ID = 234, others enter where ID = 234 OR 1 = 1 to display all of them, therefore, use ''or" "In web forms to use strings. Add % 22 to dynamic URLs to indicate double quotation marks, % 23 to indicate the well number, and % 27 to indicate single quotation marks; passing unchecked values to the mysql database is very dangerous;

11. Check the size when passing data to mysql;

12. The general user account should be used for connecting applications to the database, and only a few necessary permissions should be granted to the user.

I have summarized 12 points of attention above. I hope you will pay special attention to security issues when using the mysql database, pay attention to the 12 points of attention mentioned above during the security setting operation.