How to use MySQL_MySQL safely

MySQL has become one of the most widely used databases on the network. especially for Web applications, MySQL has the absolute advantage of small and medium-sized applications. All of this comes from its small and easy-to-use, secure and effective, open license, and multi-platform. What's more, it works perfectly with PHP, one of the three major Web languages.

However, unfortunately, a default and secure MySQL server will be vulnerable to overflow due to an empty root password and a program vulnerability, making the MySQL server frequently attacked. More seriously, the database is often damaged after being attacked, which may cause disastrous consequences. The following describes how to protect data.

Environment requirements

1. system environment

There is a Red Hat Linux 9.0 custom installation server. The system has installed GCC and some software packages, such as Apache and PHP. The first thing after installing the system is to upgrade the system software package. As a Web server, the system accepts requests from PHP scripts, and PHP uses the MySQL database to be installed below as the contact for dynamic release.

The requirements for partitioning are similar to those for General Systems. The only difference is that the/chroot and/tmp created later must be in the same partition.

2. security requirements

(1) MySQL runs in an independent (Chroot) environment;
(2) the mysqld process runs in an independent user/user group. The user and user group have no root directory, Shell, or other programs;
(3) modify the root account of MySQL and use a complex password;
(4) only allow local connection to MySQL. The network connection is disabled when MySQL is started;
(5) ensure that the nobody account used to connect to MySQL is disabled;
(6) delete the test database.

Install MySQL

1. installation preparation

Before installing MySQL, create a user and group to start MySQL according to the preceding security requirements.

# Groupadd mysql
# Useradd mysql-c "start mysqld's account"-d/dev/null-g mysql-s/sbin/nologin

2. Compile and install

Download the MySQL source code package:

# Wget http://mysql.he.net/Downloads/MySQL-4.0/mysql-4.0.16.tar.gz

Decompress:

# Tar-zxvf mysql-4.0.16.tar.gz

Generally, MySQL is installed in/usr/local/mysql. you can adjust it if you have special requirements. However, this is of little significance, because Chrooting will be used later, and then only the customer tools here will be used, such as mysql, mysqladmin, and mysqldump. Compile and install the SDK.

#./Configure -- prefix =/usr/local/mysql
-- With-mysqld-user = mysql
-- With-unix-socket-path =/tmp/mysql. sock
-- With-mysqld-ldflags =-all-static
# Make & make install
# Strip/usr/local/mysql/libexec/mysqld
# Scripts/mysql_install_db
# Chown-R root/usr/local/mysql
# Chown-R mysql/usr/local/mysql/var
# Chgrp-R mysql/usr/local/mysql