MySQL security problems are easy to overlook. Here are 23 MySQL security tips worth noting:
1. If client/server connections have to cross an untrusted network, wrap them in an SSH tunnel (or use an SSL connection, see tip 3) so that the connection's traffic is encrypted.
2. Change a user's password with the SET PASSWORD statement, or by editing the grant table directly in three steps: log in to the database system with mysql -u root, run mysql> UPDATE mysql.user SET Password=PASSWORD('newpwd') WHERE User='user_name'; and finally run FLUSH PRIVILEGES so the server reloads the grant tables. Always include the WHERE clause: without it, the UPDATE resets the password of every account in the table. (In MySQL 5.7 the column is called authentication_string, and in 8.0 the PASSWORD() function no longer exists; use ALTER USER ... IDENTIFIED BY instead.)
3. The attacks to guard against are eavesdropping, tampering, replay and denial of service; availability and fault tolerance are not covered here. MySQL enforces security on every connection, query and other operation through ACLs (access control lists), i.e. the grant tables, and also has some support for SSL-encrypted connections.
4. Do not let any user other than root access the user table in the mysql system database. It holds every account's password hash (unsalted, so it can be attacked offline); once those hashes leak, whoever holds them can use the corresponding username/password to access that user's databases at will.
5. Use GRANT and REVOKE statements to manage user access control.
6. Never store passwords in plain text; store only the output of a one-way function such as MD5() or SHA1(). (By today's standards an unsalted MD5 or SHA1 digest is weak and a salted, deliberately slow password hash is preferable, but the principle of never storing the plaintext is what matters here.)
7. Do not use dictionary words as passwords.
8. A firewall removes a large share of the external risk: run the database server behind a firewall, or place it in a DMZ.
9. Scan TCP port 3306 from the Internet with nmap, or simply try telnet server_host 3306, to confirm the port is not reachable. Access to the database server's TCP port 3306 from untrusted networks must not be allowed, so block it on the firewall or router.
10. Guard against malicious parameters. A query meant to run as WHERE id=234 becomes WHERE id=234 OR 1=1 if a user supplies "234 OR 1=1" and the application pastes it in unchecked, and the whole table is returned. Quote string values in web forms with ' ' or " ", and when testing dynamic URLs try appending %22 (double quote), %23 (#) and %27 (single quote) to see whether they break the query. Passing unchecked values to the MySQL database is very dangerous.
11. Check the size (and type) of data before passing it to MySQL.
12. The account the application uses to connect to the database should be an ordinary user, with only the few privileges it actually needs.
13. Use the escaping function that each programming interface provides (C, C++, PHP, Perl, Java/JDBC, etc.) rather than writing your own. When MySQL is used over the Internet, transmit as little data in plain text as possible, and use SSL or SSH to encrypt data in transit.
14. Learn to use tcpdump and strings to check what your traffic looks like on the wire, for example tcpdump -l -i eth0 -w - src or dst port 3306 | strings; if you can read the queries and data there, so can anyone on the path. Also, run the MySQL database service as an ordinary (unprivileged) user, never as root.
15. Do not use symbolic links to tables; start mysqld with the --skip-symbolic-links option.
16. Make sure that only the user account that runs the database service has read and write access to the files in the MySQL data directory.
17. Do not grant the PROCESS or SUPER privilege to non-administrative users. With PROCESS, mysqladmin processlist shows the text of every query currently executing; with SUPER, a user can kill client connections, change the server's run-time parameters and control replication servers.
18. Do not grant the FILE privilege to anyone but administrators: it lets a user LOAD DATA INFILE '/etc/passwd' into a table and then read it with SELECT (and likewise write files on the server with SELECT ... INTO OUTFILE).
19. If you do not trust your DNS provider, use only numeric IP addresses, never hostnames, in the host column of the grant tables.
20. Use the max_user_connections variable so that the mysqld server process limits the number of simultaneous connections a given account may hold.
21. The GRANT statement also supports resource-limit options (MAX_QUERIES_PER_HOUR, MAX_UPDATES_PER_HOUR, MAX_CONNECTIONS_PER_HOUR and MAX_USER_CONNECTIONS).
22. Use the security options of the mysqld server process. --local-infile=0 (rather than 1) prevents client programs from using LOAD DATA LOCAL. Privileges can be granted down to the column level, e.g. GRANT INSERT (user) ON mysql.user TO 'user_name'@'host_name'; treat such grants on the mysql system tables with great suspicion, since write access to mysql.user is as good as root. If the server is started with --skip-grant-tables there is no access control at all for any user; mysqladmin flush-privileges or mysqladmin reload turns access control back on. By default the SHOW DATABASES statement is available to all users; disable that with --skip-show-database.
23. If you get ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO), the root password has to be reset: start mysqld with the --skip-grant-tables option, run mysql -u root mysql, then mysql> UPDATE user SET Password=PASSWORD('NewPassword') WHERE User='root'; and mysql> FLUSH PRIVILEGES;, and finally restart MySQL normally. While --skip-grant-tables is in effect anyone who can reach the server can log in without a password, so add --skip-networking for the duration and keep the window short. (On MySQL 5.7 the column is authentication_string; on 8.0 run FLUSH PRIVILEGES first and then ALTER USER 'root'@'localhost' IDENTIFIED BY 'NewPassword'.)
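As an added example that is not part of the original article, here is the injection from tip 10 and the two defences from tips 11 and 13 carried through in Python: a lookup that pastes the request parameter into the statement, beside one that checks the value and lets the driver bind it. It assumes an in-memory SQLite database standing in for MySQL (same DB-API interface; a MySQL driver such as mysql-connector or MySQLdb uses %s placeholders instead of ?, and its parameter binding is the "escaping function" tip 13 refers to). The table, rows and payloads are constructed here.

```python
"""Tip 10's 'WHERE id=234 OR 1=1' injection, and the tip 11/13 defences.

Added example, not from the original article. SQLite (in memory) stands in for
MySQL; the schema, rows and attacker inputs below are constructed for the demo.
"""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: three customer rows with ids 233-235."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [
            (233, "alice", "alice@example.com"),
            (234, "bob", "bob@example.com"),
            (235, "carol", "carol@example.com"),
        ],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, raw_id: str) -> list:
    """VULNERABLE: the request parameter becomes part of the statement text.

    raw_id = "234 or 1=1" turns the query into WHERE id=234 or 1=1 and
    every row comes back, exactly the failure tip 10 describes.
    """
    sql = "SELECT id, name FROM customers WHERE id=" + raw_id
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, raw_id: str) -> list:
    """Hardened: validate (tip 11), then bind the value (tip 13)."""
    # Tip 11: check the size and form before the value goes anywhere near SQL.
    # fullmatch on ASCII digits only; str.isdigit() would also accept e.g. '²'.
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        raise ValueError("id must be a positive integer of at most 10 digits")
    # Tip 13: never splice the value into the statement; let the driver bind it.
    return conn.execute(
        "SELECT id, name FROM customers WHERE id=?", (int(raw_id),)
    ).fetchall()


def find_by_name_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """VULNERABLE string case: the %27 (single quote) probe from tip 10.

    name = "x' or '1'='1" closes the literal early and appends OR '1'='1'.
    """
    sql = "SELECT id, name FROM customers WHERE name='" + name + "'"
    return conn.execute(sql).fetchall()


def find_by_name_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened string case: the quote is data, not syntax, once it is bound."""
    return conn.execute(
        "SELECT id, name FROM customers WHERE name=?", (name,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("unsafe, honest input :", lookup_unsafe(db, "234"))
    print("unsafe, 234 or 1=1   :", lookup_unsafe(db, "234 or 1=1"))
    print("safe, honest input   :", lookup_safe(db, "234"))
    try:
        lookup_safe(db, "234 or 1=1")
    except ValueError as exc:
        print("safe, 234 or 1=1     : rejected,", exc)
    print("unsafe, x' or '1'='1 :", find_by_name_unsafe(db, "x' or '1'='1"))
    print("safe,   x' or '1'='1 :", find_by_name_safe(db, "x' or '1'='1"))
```

The validation step matters even with binding: an integer column compared to a bound string is merely a failed match, but a ten-megabyte "id" is still a resource problem, which is the size check tip 11 asks for.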
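As a second added example (again not from the original article), tips 5, 12 and 17 to 21 written out as the GRANT/REVOKE statements they describe: one least-privilege application account, pinned to a numeric address and rate-limited. The database name shop, the tables orders and products, the user shop_app, the address 10.0.0.5 and the over-privileged legacy_app account are placeholders. The syntax is MySQL 5.x; in 8.0 the resource limits move from GRANT ... WITH to CREATE USER / ALTER USER.

```sql
-- Added example, not from the original article. All names are placeholders.

-- Tip 19: a numeric IP in the host part, so there is no hostname for DNS to spoof.
CREATE USER 'shop_app'@'10.0.0.5' IDENTIFIED BY 'use-a-long-random-password';

-- Tip 12: only the table-level privileges the application actually uses.
-- Nothing global, nothing on the mysql.* system database (tip 4), and none of
-- FILE, PROCESS or SUPER (tips 17 and 18).
GRANT SELECT, INSERT, UPDATE ON shop.orders   TO 'shop_app'@'10.0.0.5';
GRANT SELECT                 ON shop.products TO 'shop_app'@'10.0.0.5';

-- Tips 20 and 21: cap the account's concurrent connections and query rate.
GRANT USAGE ON *.* TO 'shop_app'@'10.0.0.5'
  WITH MAX_USER_CONNECTIONS 20 MAX_QUERIES_PER_HOUR 100000;
-- MySQL 8.0 equivalent:
-- ALTER USER 'shop_app'@'10.0.0.5' WITH MAX_USER_CONNECTIONS 20 MAX_QUERIES_PER_HOUR 100000;

-- Tip 5: if an existing account was ever over-privileged, take the dangerous
-- global privileges back explicitly.
REVOKE FILE, PROCESS, SUPER ON *.* FROM 'legacy_app'@'%';

-- Tip 22 shows that column-level grants on the system tables are possible.
-- This is the kind of grant to look for and reject in review, because write
-- access to mysql.user is as good as root:
--   GRANT INSERT (user) ON mysql.user TO 'user_name'@'host_name';

-- Verify what an account actually holds.
SHOW GRANTS FOR 'shop_app'@'10.0.0.5';

-- Audit the global privileges tips 17 and 18 warn about. Per tip 4, only
-- root/DBAs should be able to read mysql.user at all.
SELECT user, host, File_priv, Process_priv, Super_priv
  FROM mysql.user
 WHERE File_priv = 'Y' OR Process_priv = 'Y' OR Super_priv = 'Y';
```

GRANT and REVOKE take effect immediately; FLUSH PRIVILEGES is only needed when the grant tables are edited directly with UPDATE or INSERT, as in tips 2 and 23.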