How to make MySQL safe against decryption master

Source: Internet
Author: User
Tags file system ip number mysql client readable ssh file permissions

When you connect to a MySQL server, you should usually use a password. The password is not transmitted on the connection with clear text.

All other information is transmitted as text that can be read by anyone. If you're worried about this, you can use the compression protocol (MySQL3.22 and above) to make things harder. Even to make everything more secure, you should install SSH (see HTTP://WWW.CS.HUT.FI/SSH). With it, you can get an encrypted TCP/IP connection between a MySQL server and a MySQL client.

To make a MySQL system secure, you are strongly asked to consider the following recommendations:

Use passwords for all MySQL users. Remember, if Other_user does not have a password, anyone can simply log in as any other person with Mysql-u Other_user db_name. For client/server applications, it is common practice for customers to specify any user name. Before you run it, you can change the password of all users by editing the mysql_install_db script, or just the password of MySQL root, like this:

shell> mysql-u Root MySQL
mysql> UPDATE user SET Password=password (' New_password ')
WHERE user= ' root ';
mysql> FLUSH privileges;

Do not run the MySQL daemon as the root user of Unix. Mysqld can run with any user, you can also create a new UNIX user MySQL to make everything more secure. If you run mysqld as another UNIX user, you do not need to change the root username in the user table because the MySQL username is not the same as the UNIX user name. You can edit Mysql.server startup script Mysqld as other UNIX users. Usually this is done with the SU command. For more details, see 18.8 How to run MySQL as a general user.
If you put a UNIX root user password in the Mysql.server script, make sure that the script is readable only for root.

Check that the UNIX user running mysqld is the only user with read/write access under the database directory.
Do not leave process permissions to all users. The output of the Mysqladmin processlist displays the currently executing query body, if another user issues an update user SET Password=password (' not_secure ') query, Any user who is allowed to execute that command may see it. MYSQLD maintains an additional connection for users with process privileges so that a MySQL root user can log in and check even if all the normal connections are in use.

Do not give file permissions to all users.

Any user with this permission can write a file in a file system that has the privileges of the mysqld daemon! To make this safer, use SELECT ... All files generated by into outfile are readable to everyone and you cannot overwrite files that already exist.

File permissions can also be used to read any files that are accessible to UNIX users running the server. This can be misused, for example, by loading "/etc/passwd" into a database table by using load data, and then it can be read in with SELECT.

If you do not trust your DNS, you should use the IP number instead of the hostname in the authorization form. In principle, the--secure option should make the host name more secure for mysqld. In any case, you should be very careful to use the hostname that contains the wildcard character.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.