How to secure MySQL against decryption experts

When you connect to a MySQL server, you should usually apply a password. The password is not transmitted in plain text on the connection. All other information is transmitted as text that can be read by anyone. If you are worried about this, you can apply the compression protocol (MySQL3.22 andWhen you connect to a MySQL server, you should usually apply a password. The password is not transmitted in plain text on the connection.

All other information is transmitted as text that can be read by anyone. If you are worried about this, you can apply the compression protocol (MySQL3.22 and later) to make things more difficult. Even to make everything safer, you should install ssh (see http://www.cs.hut.fi/ssh ). With it, you can get an encrypted TCP/IP connection between a MySQL server and a MySQL client.

To ensure the security of a MySQL system, we strongly recommend that you consider the following suggestions:

Apply the password to all MySQL users. Remember, if other_user does not have a password, anyone can simply use mysql-u other_user db_name to log on as any other person. It is common to specify any user name for the client/server exploitation program. Before you run it, you can compile the mysql_install_db script to change the passwords of all users, or just the MySQL root password, as shown in the following code:
Shell> mysql-u root mysql
Mysql> UPDATE user SET Password = PASSWORD ('New _ password ')
WHERE user = 'root ';
Mysql> flush privileges;

Do not run the MySQL daemon process as a Unix root user. Mysqld can run as any user. you can also invent a new Unix user mysql to make everything safer. If you run mysqld as another Unix user, you do not need to change the root user name in the user table because the MySQL user name has nothing to do with the Unix user name. You can compile the mysql. server startup script mysqld as other Unix users. This is usually done using the su command. For more details, see how 18.8 runs MySQL as a common user.
If you put a Unix root user password in the mysql. server script, make sure that the script is only readable to the root user.
Check that the Unix User running mysqld is the only user with read/write permissions under the Database Directory.
Do not grant the process permission to all users. The output of mysqladmin processlist shows the current query body. if another user sends an UPDATE user SET password = PASSWORD ('not _ secure ') query, it may be viewed by any user who promised to execute that command. Mysqld reserves an additional connection for users with process permissions so that a MySQL root user can log on and check, even if all the normal connections are in the application.
Do not grant the file permission to all users. Any user with this permission can write a file in the file system with the mysqld daemon permission! To make this safer, all the files generated by SELECT... into outfile are readable to everyone, and you cannot overwrite existing files. The file permission can also be used to read any files that can be accessed by Unix users who are running servers. This may be abused. for example, LOAD "/etc/passwd" to a database table through the application load data, and then it can be read using SELECT.
If you do not trust your DNS, you should apply IP numbers instead of host names in the authorization table. In principle, the -- secure option should make the host name safer for mysqld. In any situation, you should be very cautious about applying the host name containing wildcards.