Security analysis of MSSQL and MySQL

Source: Internet
Author: User
Tags empty log microsoft sql server mssql account security mysql database strong password
mysql| Security | Security database is the foundation of e-commerce, finance and ERP system, it usually keeps important business partners and
Customer information. Electronic data from most businesses, organizations, and government departments are kept in a variety of databases, and they
These databases are used to keep some personal data and to hold sensitive financial data. But the database is usually not like
The operating system and the network are being taken seriously in security. Data is the lifeblood of business and organization, so choose
A secure database is critical. Large Web sites typically use Oracle or DB2, while small and medium sized sites are large
Most use a more flexible and compact MSSQL database or MySQL database. Then, under the same conditions, the micro
Soft MSSQL and free MySQL which is more secure?

I'm on my machine. Using the Admin account defaults to install MSSQL and MySQL to test in the same situation
Try their safety. My system is configured as follows: Operating system Microsoft Windows Version5.0,
The SP4,FTP service and the IIS service are installed to support ASP and PHP. The system has only one administrator account Admin,guest
The account number is not disabled.


I. Internal security analysis of the system




1.mysql Database Permission Control problem

MySQL's permission control is based on MySQL, the database, called authorization form, including a total of six tables
Columns_priv,db,func,host,tables_priv and user. First use the DESC user command to view the non-
The structure of the frequently important user table to query the content, you can now view his permission settings.
Use the command select Host,user,password,delete_priv,update_priv,drop_priv from user;
This command looks at several more dangerous permissions and displays the following results:
Mysql> select Host,user,password,delete_priv,update_priv,drop_priv from user;
+-----------+------+------------------+-------------+-------------+-----------+
| Host | user | password | Delete_priv | Update_priv | Drop_priv |
+-----------+------+------------------+-------------+-------------+-----------+
| localhost | Root |0e4941f53f6fa106 | Y | Y | Y |
| % | Root | | Y | Y | Y |
| localhost | | | Y | Y | Y |
| % | | | N | N | N |
+-----------+------+------------------+-------------+-------------+-----------+
4 rows in Set (0.00 sec)
The first means to log in using the root password in this machine, with the ability to delete records, modify records, delete tables, etc.
Well, it's safe. The second means that any host uses root without a password to log in, has a delete record,
Modify records, delete tables, and other permissions. The third means that anonymous landing on this machine, with delete records, changes in mind
Record, delete table and other permissions. The last bar indicates that any host can log on anonymously, but without any permissions.
Obviously, the second, three, four are unsafe! No, it goes without saying, in the case of article three, if you're locally
is the guest permission, but can also log into the MySQL database, and have full permissions. This way, you can log
According to the library to do whatever it wants.
WORKAROUND: If you do not need to maintain the remote, delete the second article, the delete from user where
host= "%" and user= "root", or add a strong password to it. Delete the third article, delete from
The user where host= "localhost" and user= "";


2.mysql Installation directory Permissions issue

MySQL is installed by default to C:\mysql, but the C disk defaults to everyone Full control, due to the inheritance of permissions
, C:\mysql is completely controlled by everyone, which is obviously unsafe. Because a malicious user can
Delete the important data files.
WORKAROUND: Reset the access rights to the MySQL directory. Or install MySQL to another directory, if
You move MySQL distribution to D:\mysql, you have to use
D:\mysql\bin\mysqld--basedir D:\mysql to start mysqld, and even to modify its configuration
File.

3.mssql Database Permission Control problem

The permissions control of MSSQL database is based on the syslogins table of Master Library, the account with all permissions is
SA, other sysadmin,db_owner, and other rights accounts. However, the MSSQL database has the highest permission ledger
The default password for the SA is empty so that if you don't pay attention to it when you install it, it can be devastating to the data.
Malicious attackers can modify, delete all data, more importantly, the MSSQL account can be used to extend the execution department
Unified command.
WORKAROUND: Check all login accounts periodically to see if there are any passwords that do not meet the requirements.
Use master
Select Name,password from syslogins where Password is null command check for empty
Password account exists. Remove storage extensions as much as possible to prevent local users from using storage extensions to execute malicious commands.
Use master
The sp_dropextendedproc xp_cmdshell command deletes the xp_cmdshell extension.

4.mssql Installation directory Permissions issue

Like MySQL, MSSQL is installed to everyone Full Control C disk, due to access control issues, the most
Good installation to D disk and other non-system disk for strict access control. And because the MSSQL database is very tightly integrated with the system,
The system administrator can also manipulate the database by selecting Windows Authentication without a database password. Therefore, ordinary users have
You may be able to elevate your permissions through a system vulnerability and destroy the database.

Workaround: In addition to strict access restrictions, periodically check to see if SQL Server log checks are available
A suspected logon event occurred, or a DOS command findstr/c: "Login" D:\Microsoft SQL server\mssql\log\*.*.
The security of MSSQL is closely linked to the security of Windows systems, and any vulnerability that can be compromised is another security threat.


Summary, in the system internal security, MySQL and MSSQL have not reached satisfactory degree, account security, access rights
are not very well controlled. But the MSSQL has detailed log can check the landing situation, than MySQL to be higher than a chip. If it is
reasonable settings, MySQL instead to be more secure, because for MSSQL, as long as the system permissions can have database permissions.



Two. External network security Analysis



1. Detection of database Services

To be secure, MySQL services can be run on the intranet, but if your machine has an extranet interface, MySQL will automatically be bound
Online, exposed to the Internet, and the system will be in TCP 3306 port monitoring, very easy to be detected by the port scanning tool, do not
To ensure data security. If you default, MSSQL will open TCP's 1433 port listening. Although MSSQL can artificially change the listening port, but
It's easy to know what TCP/IP ports are used by SQL Server through Microsoft's undisclosed 1434-port UDP probes. Go to UDP1434 Port
Send a 1 byte content of 02 packets, the detected system will return the installed MSSQL service information, including: Host name
Call, instance name, version, pipe name, and port used. This port is used by Microsoft itself and is not like the default 1433 port that
The sample can be changed, 1434 cannot be changed. A typical return message is as follows:
ServerName; sky;instancename;sky;isclustered; No; Version;8.00.194;tcp;3341;np;\\sky\pipe\mssql$xht310\sql\query;
You can find the TCP port of MSSQL changed to 3341, open the door for attackers! Just a little bit of socket programming knowledge,
It is easy to write a program that scans for MSSQL services and, because of the UDP port, it is difficult to prevent the filter.
Awen wrote a probe program, using the C # language, the code is as follows:
Using System;
Using System.Net.Sockets;
Using System.Net;
Using System.Text;
Using System.Threading;

Namespace ConsoleApplication3
{

Class Class1
{
Create a UdpClient instance
private static UdpClient m_client;

Listen used to get the returned information
public static string Listen (String hostip)
{
string hostip = HostIP;
IPAddress Thisip = Ipaddress.parse (HostIP);
IPEndPoint host = new IPEndPoint (thisip,1434);
byte [] data = m_client.receive (ref host);
Encoding ASCII = encoding.ascii;
String strdata = ASCII. GetString (data);
return strdata;



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.