Security configuration method to prevent MySQL attacks

Source: Internet
Author: User
Tags: ip number, file permissions

Require a password for every MySQL account. A client program does not necessarily know the identity of the person running it; in client/server applications it is common for the user to specify any user name to the client program. For example, if other_user has no password, anyone can connect as that account simply by invoking the mysql program as mysql -u other_user db_name, impersonating someone else. If all accounts have a password, connecting with another user's account is much more difficult.

To change a user's password, use the SET PASSWORD statement. You can also update the user table in the mysql database directly. For example, to change the password of every MySQL account whose user name is root:

shell> mysql -u root
mysql> UPDATE mysql.user SET Password=PASSWORD('newpwd')
    -> WHERE User='root';
mysql> FLUSH PRIVILEGES;

Never run the MySQL server as the Unix root user. This is extremely dangerous, because any user with the FILE privilege could make the server create files as root (for example, ~root/.bashrc). To prevent this, mysqld refuses to run as root unless that is specified explicitly with the --user=root option.

mysqld can (and should) be run as an ordinary, unprivileged user instead. You can create a separate Unix account named mysql to make everything even more secure; use this account only for administering MySQL. To start mysqld as a different Unix user, add a user option that specifies the user name to the [mysqld] group of the /etc/my.cnf option file or the my.cnf file in the server's data directory. For example:

[mysqld]
user=mysql

This causes the server to start as the designated user whether you start it manually or by using mysqld_safe or mysql.server.

When mysqld runs as a Unix user other than root, you do not need to change the root user name in the user table, because MySQL account names have nothing to do with Unix account names.

Do not permit the use of symlinks to tables (this can be disabled with the --skip-symbolic-links option). This is especially important if you run mysqld as root, because anyone who has write access to the server's data directory could then delete any file in the system!
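As an added example (not part of the original article), the following Python function audits a my.cnf fragment for the two [mysqld] settings recommended above: a user option that is present and is not root, and symlinked tables disabled. The sample configuration is constructed for illustration; the checker reads option-file text only and never contacts a server.

```python
import configparser

# Constructed sample: a [mysqld] group that starts the server as root and
# leaves symlinked tables enabled, the two problems the article warns about.
SAMPLE_MY_CNF = """
[client]
port=3306

[mysqld]
user=root
datadir=/var/lib/mysql
"""


def load_mysqld_options(text):
    """Return the [mysqld] group as a dict; bare options such as
    skip-symbolic-links get the value None. MySQL treats '-' and '_' in
    option names as interchangeable, so keys are normalised to dashes.
    (!include directives are out of scope for this simple reader.)"""
    parser = configparser.ConfigParser(allow_no_value=True, strict=False,
                                       interpolation=None)
    parser.read_string(text)
    if not parser.has_section("mysqld"):
        return {}
    return {key.replace("_", "-"): value for key, value in parser.items("mysqld")}


def audit_mysqld_options(opts):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    user = opts.get("user")
    if user is None:
        findings.append("no user option in [mysqld]: server runs as whoever starts it")
    elif user == "root":
        findings.append("[mysqld] user=root: server would run with root privileges")
    # Either skip-symbolic-links or symbolic-links=0/OFF/FALSE disables symlinks.
    symlinks_off = str(opts.get("symbolic-links")).lower() in ("0", "off", "false")
    if "skip-symbolic-links" not in opts and not symlinks_off:
        findings.append("symlinked tables enabled: add skip-symbolic-links to [mysqld]")
    return findings


if __name__ == "__main__":
    for finding in audit_mysqld_options(load_mysqld_options(SAMPLE_MY_CNF)):
        print("WARN:", finding)
```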

Make sure that the only Unix user with read or write access to the database directories is the user that mysqld runs as.

Do not grant the PROCESS or SUPER privilege to non-administrative users. The output of mysqladmin processlist shows the text of the statements currently executing, so if another user issues UPDATE user SET Password=PASSWORD('not_secure'), any user who is permitted to run that command can see it.

mysqld reserves an extra connection for users who have the SUPER privilege, so that even if all normal connections are in use, the MySQL root user can still log in and check server activity.

The SUPER privilege can also be used to terminate client connections, change server operation by changing the value of system variables, and control replication servers, which is why it should be kept out of the hands of non-administrative users.

Do not grant the FILE privilege to non-administrative users. Any user who has this privilege can write a file anywhere in the file system with the privileges of the mysqld daemon! As a small safeguard, all files generated with SELECT ... INTO OUTFILE are writable by everyone, and existing files cannot be overwritten.

The FILE privilege can also be used to read any file that is world-readable or accessible to the Unix user the server runs as; with this privilege, such a file can be loaded into a database table. This could be abused, for example, by using LOAD DATA to load /etc/passwd into a table and then displaying it with SELECT.

If you do not trust your DNS, use IP numbers rather than host names in the grant tables. In any case, be very careful about creating grant table entries whose host names contain wildcard characters!

To restrict the number of connections permitted to a single account, set the max_user_connections variable in mysqld. The GRANT statement also supports resource control options that limit the extent of server use permitted to an account.
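As an added example (not part of the original article), the following Python checker applies the account-level advice from the sections above to rows fetched from mysql.user: accounts with an empty password, Host values that use wildcards or depend on DNS rather than an IP literal, and FILE, SUPER or PROCESS privileges held by accounts outside an administrator list. The rows are constructed inline, the column names follow the pre-5.7 mysql.user layout that the article's UPDATE statement uses, and the administrator list (root only) is an assumption.

```python
import ipaddress

# Constructed sample rows, shaped like the result of
# SELECT User, Host, Password, File_priv, Super_priv, Process_priv FROM mysql.user
# with pre-5.7 column names; "<hash>" stands in for a real password hash.
SAMPLE_USER_ROWS = [
    {"User": "root", "Host": "localhost", "Password": "<hash>",
     "File_priv": "Y", "Super_priv": "Y", "Process_priv": "Y"},
    {"User": "other_user", "Host": "localhost", "Password": "",
     "File_priv": "N", "Super_priv": "N", "Process_priv": "N"},
    {"User": "report", "Host": "%.example.com", "Password": "<hash>",
     "File_priv": "Y", "Super_priv": "N", "Process_priv": "N"},
    {"User": "app", "Host": "10.0.0.5", "Password": "<hash>",
     "File_priv": "N", "Super_priv": "N", "Process_priv": "Y"},
]

# Privileges the article says to reserve for administrators.
ADMIN_ONLY_PRIVS = {"File_priv": "FILE", "Super_priv": "SUPER", "Process_priv": "PROCESS"}


def host_finding(host):
    """Return a finding for a Host value, or None if it is a literal address."""
    if host in ("localhost", "127.0.0.1", "::1"):
        return None
    if "%" in host or "_" in host:  # LIKE-style wildcards in MySQL host matching
        return "wildcard host pattern"
    try:
        ipaddress.ip_address(host.split("/")[0])  # also accepts the ip/netmask form
        return None
    except ValueError:
        return "host name matched via DNS"


def audit_accounts(rows, admins=frozenset({"root"})):
    """Return (user, host, finding) tuples; 'admins' is the assumed set of
    administrative account names allowed to hold FILE, SUPER and PROCESS."""
    findings = []
    for row in rows:
        who = (row["User"], row["Host"])
        if row["Password"] == "":
            findings.append((*who, "empty password"))
        problem = host_finding(row["Host"])
        if problem:
            findings.append((*who, problem))
        if row["User"] not in admins:
            for column, name in ADMIN_ONLY_PRIVS.items():
                if row.get(column) == "Y":
                    findings.append((*who, f"{name} privilege granted to non-administrative account"))
    return findings
```

Calling audit_accounts(SAMPLE_USER_ROWS) reports four findings for the sample: the empty password on other_user, the wildcard host and FILE privilege on report, and the PROCESS privilege on app.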

Security is never finished; attackers are also a driving force behind improving it, and the job is simply to keep the MySQL server well protected.
