MySQL Security Guide (1)
As a MySQL system administrator, you are responsible for maintaining the security and integrity of the data in your MySQL database system. This article explains how to build a secure MySQL system and covers both internal and external security.
This article focuses on the following security issues:
Why is security very important? What attacks should you guard against?
What are the risks (internal security) faced by servers?
How does one deal with the client risk (external security) of the server?
The MySQL administrator is responsible for ensuring the security of the database content, so that data records can be accessed only by authorized users. This involves both the internal and the external security of the database system.
Internal security concerns the file system level, that is, preventing the MySQL data directory (DATADIR) from being attacked by people who have accounts on the server host, whether legitimate or stolen. If the permissions on the data directory content are so permissive that anyone can simply replace the files corresponding to the database tables, it makes no sense to make sure that the authorization tables that control client access over the network are set correctly.
External security concerns clients that connect to the server from outside, that is, protecting the MySQL server from attacks that arrive over network connections to the server. You must set the MySQL authorization tables so that clients are not allowed to access the database content managed by the server unless they provide a valid user name and password.
The following describes in detail how to set up the file system and the authorization tables in the mysql database to achieve these two levels of MySQL security.
I. Internal security: securing access to the data directory
The MySQL server provides a flexible permission system through the authorization tables in the mysql database. You can set the content of these tables to allow or deny access to databases, which gives you a means of preventing unauthorized network access to your data. However, establishing good security for network access to the database does little good if other users on the host can directly access the data directory content. Unless you know that you are the only user who logs in to the host on which the MySQL server runs, you need to be concerned about the possibility that other users on this machine can access the data directory.
The following content should be protected:
Database files. Obviously, you need to keep the databases managed by the server private. Database owners usually regard database content as private; even if they do not, making the content public should be their own decision rather than a result of poor data directory security.
Log files. The general and update logs must be kept secure because they contain query text. Anyone with access to the log files can monitor the operations performed on the database.
Log file security also matters because queries such as GRANT and SET PASSWORD are logged. The logs therefore contain the text of sensitive queries, including passwords. (MySQL uses password encryption, but that applies to connections established after the password has been set. Setting a password is done with a query such as GRANT or SET PASSWORD, and these queries are recorded in the log files as plain text.) If an attacker has read permission on the log files, he only needs to run grep on them to find sensitive information by searching for words such as GRANT and PASSWORD.
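As an added example (not from the original article), the following shell function lets an administrator find which log files hold password-setting statements and whether accounts other than the owner can read them. The function name and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article. The function name and the
# sample log lines are constructed for illustration.

# credential_logs DIR
# For each regular file under DIR that contains a password-setting statement
# (GRANT ... IDENTIFIED BY or SET PASSWORD), print "EXPOSED <path>" when group
# or other users can read it, and "PRIVATE <path>" when only the owner can.
credential_logs() {
    find "$1" -type f -exec \
        grep -liE 'IDENTIFIED[[:space:]]+BY|SET[[:space:]]+PASSWORD' {} + |
    while IFS= read -r f; do
        # Test the group-read (0040) and other-read (0004) mode bits.
        if [ -n "$(find "$f" -prune \( -perm -0040 -o -perm -0004 \) -print)" ]; then
            echo "EXPOSED $f"
        else
            echo "PRIVATE $f"
        fi
    done
}

# Demo on constructed log files; the password is a placeholder.
demo() {
    d=$(mktemp -d) || return 1
    echo "GRANT ALL ON menagerie.* TO 'app'@'localhost' IDENTIFIED BY 'placeholder'" \
        > "$d/update.log"
    echo "SET PASSWORD FOR 'app'@'localhost' = PASSWORD('placeholder')" \
        > "$d/general.log"
    echo "SELECT * FROM pet" > "$d/queries.log"
    chmod 644 "$d/update.log" "$d/queries.log"
    chmod 600 "$d/general.log"
    credential_logs "$d"    # update.log is EXPOSED, general.log is PRIVATE
    rm -rf "$d"
}
demo
```

Files reported as EXPOSED are the ones to restrict first.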
Obviously, you do not want other users on the server host to have write permission on data directory files, because they could overwrite your status files or database table files. But read permission is dangerous too. If a database table file can be read, it is easy to steal the file and have MySQL itself display the table content in plain text. Why? Because you can do the following:
Install your own "special" MySQL server on the server host, with a port, socket, and data directory different from those of the official server.
Run mysql_install_db to initialize your data directory. This gives you access to your server as the MySQL root user, so you have full control over the server's access mechanism. It also creates a test database.
Copy the table files you want to steal to the test directory under your server's data directory.
Start your server. You can now access the database tables at will: SHOW TABLES FROM test shows that you have a copy of the stolen tables, and SELECT * shows the entire content of any of them.
If you are really vicious, open up permissions to anonymous users on your server so that anyone can connect to the server from any address to access your test database. You have now published the stolen database tables.
Now consider it from the opposite perspective: do you want others to do this to you? Of course not! You can run the ls -l command in the data directory to check whether it contains insecure files and directories. Look for files and directories with "group" or "other" permissions enabled. The following is a listing of an insecure data directory:
% ls -l
total 10148
drwxrwxr-x 11 mysqladm wheel 1024 May 8 .
drwxr-xr-x 22 root wheel 512 May 8 ..
drwx------ 2 mysqladm mysqlgrp 512 Apr 16 menagerie
drwxrwxr-x 2 mysqladm wheel 512 Jan 25 mysql
drwxrwxr-x 7 mysqladm wheel 512 Aug 31 1998 SQL-statements
drwxrwxr-x 2 mysqladm wheel 1536 May 6 test
drwx------ 2 mysqladm mysqlgrp 1024 May 8 tmp
...
As you can see, some database directories have the correct permissions, while others do not. The situation in this example came about over a period of time. The less restrictive permissions were set by servers of earlier versions, which were less strict about permissions than more recent versions (note that the more restrictive directories, menagerie and tmp, both have relatively recent dates). Current MySQL versions ensure that these files can be read only by the user the server runs as.
Let's modify these permissions so that only the server's user can access them. Your primary protection comes from the tools that the UNIX file system itself provides for setting the owner and mode of files and directories. The following is what we need to do:
Enter the data directory:
% cd DATADIR
Set the owner of all files in the data directory to the account used to run the server (you must perform this step as root). In this document, mysqladm and mysqlgrp are used as the user name and group name of that account. You can use either of the following commands to change the owner:
# chown -R mysqladm:mysqlgrp .
# find . -follow -type d -print | xargs chown mysqladm:mysqlgrp
Set the mode of your data directory and database directories so that they can be read only by mysqladm, which prevents other users from accessing the contents of your database directories. You can run either of the following commands as root or as mysqladm:
% chmod -R go-rwx .
% find . -follow -type d -print | xargs chmod go-rwx
The data directory content is now owned by mysqladm, and its mode allows access only by that user. From now on you should make sure that you always run the server as the mysqladm user, because this is now the only user with permission to access the database directories (apart from root).
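The steps above can be combined with a check that they took effect. The following script is an added example, not part of the original article: the function names are assumptions, mysqladm and mysqlgrp are the article's account names, and the demo runs on a constructed directory tree that mirrors the listing shown earlier.

```sh
#!/bin/sh
# Added example, not from the original article. Function names are assumptions;
# mysqladm and mysqlgrp are the account names the article uses.

# Print every entry (symlinks excluded) that grants any group/other permission.
loose_entries() {
    find "$1" ! -type l \( -perm -0040 -o -perm -0020 -o -perm -0010 \
        -o -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Print every entry not owned by user $2 and group $3 (names or numeric ids).
misowned_entries() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# lock_down DATADIR USER GROUP: apply the chown/chmod steps, then verify them.
lock_down() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$2:$3" "$1" || return 1      # only root may change ownership
    else
        echo "not root: ownership left unchanged" >&2
    fi
    chmod -R go-rwx "$1" || return 1
    # Succeed only if nothing is left open and everything has the right owner.
    [ -z "$(loose_entries "$1")" ] && [ -z "$(misowned_entries "$1" "$2" "$3")" ]
}

# Demo on a constructed tree; the current uid/gid stand in for mysqladm/mysqlgrp.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/menagerie" "$d/mysql" "$d/test" "$d/tmp"
    : > "$d/mysql/user.frm"                    # constructed table file
    chmod 775 "$d" "$d/mysql" "$d/test"
    chmod 700 "$d/menagerie" "$d/tmp"
    chmod 664 "$d/mysql/user.frm"
    echo "before:"; loose_entries "$d"
    lock_down "$d" "$(id -u)" "$(id -g)" && echo "after: no group/other access"
    rm -rf "$d"
}
demo
```

On a real server, call lock_down DATADIR mysqladm mysqlgrp as root; a non-zero exit status means some entry is still open to group or other users, or has the wrong owner.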