Suggestions on how to enhance MYSQL security _ MySQL

Now there are more and more combinations of php and mysql. here we will share with you some tips on installing and setting mysql. Usually we need to use a password when connecting to the MySQL server. This password is encrypted during transmission over the network. However, other contents are transmitted in plain text.

Of course, if you are worried about this insecurity, you can use the compression protocol (MySQL3.22 and later versions) to make other content less easily visible. To make it more secure, you can consider installing ssh. After it is installed, you can build an encrypted TCP/IP connection between the MySQL server and the MySQL client.
To make your MySQL system more secure, we strongly recommend that you consider the following suggestions:

1. Use a password for each MySQL User. If you do not set a password, others can access your database through mysql -- user other_user database. The system will also give you a warning when detecting using MySQL.

2. use the mysql_install_db script to create a mySQL authorization table. you can use mysql-u root to test the table. if the table is correct, no error will occur. Change the root password:

shell> mysql -u root mysqlmysql> UPDATE user SET Password=PASSWORD( ew_password)WHERE user= root;mysql> FLUSH PRIVILEGES;

3. do not start the MySQL service as root. MySQL can be started by any user. You can start the database service by adding a new user (that is, mysql runs with low permissions ). This will not have any impact on the system, because MySQL Users and Unix users are fundamentally different.

4. if you put the Unix root user password in the mysql. server script, make sure this script is only readable to the root user. Check the user that runs mysqld to ensure that this user is the only user with read/write permissions under the Database Directory.

5. do not grant the process permission to anyone. The output of mysqladmin processlist shows the query body currently being executed. if another user sends an UPDATE user SET password = PASSWORD (ot_secure) query, the query results will be viewed by users with the process permission. Mysqld retains an additional connection for a user with the process permission so that a MySQL root user can log on and check it even if all normal connections are in use.

6. do not grant the file permission to all users. Users with this permission can write a file in the file system with the mysqld daemon permission! The file permission can also be used to read any files that can be accessed by Unix users who are running servers. This may be exploited. for example, you can use load data to LOAD "/etc/passwd" into a database table, and then it can be read using SELECT.

7. if you do not trust your DNS, you should replace the host name with an IP address. In any case, you should be very careful when using a host name containing wildcards!
I believe that after the above settings, your Mysql host should have been relatively secure, not so easy to break.

The above are some suggestions on how to enhance MYSQL security _ MySQL content. For more information, please follow the PHP Chinese network (www.php1.cn )!