Requirements for correct MySQL Database Application

This article mainly shares with you the requirements on the environment and the installation of the MySQL database for secure applications. The following is a detailed description of these problems, I hope it will help you with the Secure Application of MySQL database.
 

MySQL has become one of the most widely used databases on the network, especially for Web applications. It occupies the absolute advantage of Small and Medium applications. All of this comes from its small and easy-to-use, secure and effective, open license, and multi-platform. What's more, it works perfectly with PHP, one of the three major Web languages.

However, unfortunately, a default and secure MySQL server will be vulnerable to overflow due to an empty root password and a program vulnerability, making the MySQL server frequently attacked. More seriously, the database is often damaged after being attacked, which may cause disastrous consequences. The following describes how to protect data.

Environment requirements

1. System Environment

There is a Red Hat Linux 9.0 custom Installation server. The system has installed GCC and some software packages, such as Apache and PHP. The first thing after installing the system is to upgrade the system software package. As a Web server, the system accepts requests from PHP scripts, and PHP uses the MySQL database to be installed below as the contact for Dynamic Release.

The requirements for partitioning are similar to those for general systems. The only difference is that the/chroot and/tmp created later must be in the same partition.

2. Security Requirements

1) MySQL runs in an independent Chroot environment;

2) The mysqld process runs in an independent user/user group. The user and user group have no root directory, Shell, or other programs;

3) modify the root account of MySQL and use a complex password;

4) only local MySQL connections are allowed. when MySQL is started, network connections are disabled;

5) Ensure that the nobody account used to connect to MySQL is disabled;

6) Delete the test database.

Install MySQL

1. Installation preparation

Before installing MySQL, create a user and group to start MySQL according to the preceding security requirements.

# Groupadd mysql

# Useradd mysql-c "start mysqld's account"-d/dev/null-g mysql-s/sbin/nologin

2. Compile and install

Download the MySQL source code package:

# Wget http://mysql.he.net/Downloads/MySQL-4.0/mysql-4.0.16.tar.gz

Decompress:

# Tar-zxvf mysql-4.0.16.tar.gz

Generally, MySQL is installed in/usr/local/mysql. you can adjust it if you have special requirements. However, this is of little significance, because Chrooting will be used later, and then only the customer tools here will be used, such as mysql, mysqladmin, and mysqldump. Compile and install the SDK.

 
 

  
  
#./configure --prefix=/usr/local/mysql \   
  
  
--with-mysqld-user=mysql \   
  
  
--with-unix-socket-path=/tmp/mysql.sock \   
  
  
--with-mysqld-ldflags=-all-static  
  
  
#make && make install  
  
  
#strip /usr/local/mysql/libexec/mysqld  
  
  
#scripts/mysql_install_db  
  
  
#chown -R root /usr/local/mysql  
  
  
#chown -R mysql /usr/local/mysql/var  
  
  
#chgrp -R mysql /usr/local/mysql 
 
 

The specific functions of the above steps have been described in the MySQL manual. The only difference between the steps and general steps is -- with-mysqld-ldflags =-all-static. Because the Chroot environment is required, MySQL itself does not need to create any database environments after it is connected to a static environment.

3. Configure and start

MySQL configuration files must be manually selected and copied to/etc. These template files are located in the support-files directory of the source file. There are four in total: small, medium, large, and huge.

 
 

  
  
#cp support-files/my-medium.cnf /etc/my.cnf  
  
  
#chown root:sys /etc/my.cnf  
  
  
#chmod 644 /etc/my.cnf 
 
 

Start MySQL. Note that the user is mysql:

 
 

  
  
#/usr/local/mysq/bin/mysqld_safe --user=mysql & 
 
 

4. Test

To test whether the installed program is correct and whether MySQL has been started properly, the best way is to use the MySQL client to connect to the database.

 
 

  
  
#/usr/local/mysql/bin/mysql  
  
  
[root@ftp bin]# mysql  
  
  
Welcome to the MySQL monitor. Commands end with ; or \g.  
  
  
Your MySQL connection id is 687 to server version: 3.23.58  
  
  
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.  
  
  
mysql> 
  
  
mysql> show databases;  
  
  
+--------------+  
  
  
| Database |  
  
  
+--------------+  
  
  
| mysql |  
  
  
| test |  
  
  
+--------------+  
  
  
2 rows in set (0.00 sec)  
  
  
mysql>quit 
 
 

If the connection is successful, you can close the database:

 
 

  
  
#/usr/local/mysql/bin/mysqladmin -uroot shutdown 
 
 

The above content is an introduction to how to securely apply the MySQL database. I hope you will gain some benefits.