How to protect important data in MySQL _ MySQL

Source: Internet
Author: User
Unlike automatic database backup, the system administrator must take certain actions to protect data from unauthorized users. If you are using MySQL, you can use some convenient functions to protect the system and greatly reduce the risk of unauthorized access to confidential data. The most valuable asset of an enterprise is usually the customer or product information in its database. Therefore, unlike automatic database backup, the system administrator must take some action to protect data from unauthorized users. If you are using MySQL, you can use some convenient functions to protect the system and greatly reduce the risk of unauthorized access to confidential data.

The most valuable asset of an enterprise is usually the customer or product information in its database. Therefore, an important part of database management in these enterprises is to protect the data from external attacks and repair software/hardware faults.

In most cases, hardware and software faults are handled through the data backup mechanism. Most databases use built-in tools to automatically complete the entire process, so this work is relatively easy and will not go wrong. But the troubles come from the other side: preventing external hackers from intruding into and stealing or damaging information in the database. Unfortunately, there are generally no automatic tools to solve this problem. In addition, administrators need to manually set obstacles to block hackers and ensure the security of company data.

The common reason for not protecting the database is that the work is "complicated" due to the "trouble ". This is true, but if you use MySQL, you can use some convenient features to significantly reduce the risks. Six functions are listed below:

Step 1: delete wildcards in the authorization table

The MySQL access control system runs through a series of so-called Authorization tables to define user access rights at the database, table, or column level. However, these tables allow administrators to set a package license for a user or a set of tables that apply wildcards. This may pose a potential danger because hackers may use a restricted account to access other parts of the system. For this reason, exercise caution when setting user privileges to ensure that users can only access the content they need. Be especially careful when setting super privileges for individual users, because this level allows common users to modify basic server configurations and access the entire database.

Suggestion: show privileged commands to each user account to review the authorization table and check whether the application wildcard license is appropriate.

Step 2: require a secure password

The security of user accounts is closely related to the passwords used to protect them. Therefore, when installing MySQL, set the password of the MySQL root account (empty by default ). After the vulnerability is fixed, each user account should be asked to use a password and do not use heuristic passwords that are easy to recognize, such as birthdays, usernames, or words in the dictionary.

Suggestion: Use the MySQL-Security-authorization option to avoid using the old and unsecure MySQL password format.

Step 3: Check the configuration file license

In general, to make the server connection more convenient, a single user and the server administrator must store their user account and password in the single-user MySQL option file. However, this password is stored in files in plain text format and can be easily viewed. Therefore, you must ensure that such a single user configuration file is not checked by other users in the system and stored in a non-public location. Ideally, you want the configuration file of a single user to be saved in the root directory of the user. the license is 0600.

Step 4: encrypt data transmission between customers and servers

An important issue of the MySQL (and other) customer and server architecture is the security issue when data is transmitted over the network. If the interaction between the customer and the server occurs in plain text, the hacker may "sniff" the transmitted data packets to obtain confidential information. You can activate SSL in the MySQL configuration, or apply a security application such as OpenSSH to establish a secure encrypted "channel" for the transmitted data to close this vulnerability. Encrypting the connection between the customer and the server in this form makes it extremely difficult for unauthorized users to access the data.

Step 5: disable remote access

If you do not need to remotely access the server, you can force all MySQL connections to be completed through UNIX slot files, thus greatly reducing the risk of network attacks. This process can be completed by skipping the network option to start the server. This prevents TCP/IP networks from connecting to MySQL and ensures that no user can connect to the system remotely.

Suggestion: you can add the bind address 127.0.0.1 command in the MySQL server configuration to enhance this function, forcing MySQL to bind the IP address of the local machine to ensure that only users in the same system can connect to MySQL.

Step 6: actively monitor MySQL access records

MySQL contains many different log files that record client connection, query, and server errors. Among them, the most important is the general query log, which uses time labels to record the connection and interruption time of each customer, and records each query executed by the customer. If you suspect unusual behavior, such as network intrusion, it is a good way to monitor this log to understand the sources of behavior.

Protecting your MySQL database is a daily task. Therefore, even after completing the above steps, you should not be relaxed, learn more security suggestions, actively monitor and update system security.

Link: http://www.zdnet.com.cn/developer/database/story/0,3800066906,39523441,00.htm

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.