Security Settings of MySQL5.0.x in Linux

Prohibit MySQL from using the ldquo and LOADDATALOCALINFILErdquo commands. This command reads the local file to the database using MySQL, and then the user can obtain it illegally.

Prohibit MySQL from using the ldquo; load data local INFILErdquo; command. This command reads the local file to the database using MySQL, and then the user can obtain it illegally.

Open the/etc/my. cnf file and modify the following settings. If not, add it manually.

# Cancelling the external lock of the file system

Skip-locking

# Do not perform domain name anti-resolution, pay attention to the resulting permission/authorization issues

Skip-name-resolve

# Prohibit MySQL from using the "load data local infile" command. This command uses MySQL to read local files to the database, and then the user can obtain sensitive information illegally. Some attack methods circulating on the Internet are useful. It is also a method used by many new SQL Injection attacks!

Local-infile = 0

# Close the remote connection, that is, port 3306. This is the default listening port of MySQL. Because MySQL only serves local scripts, remote connection is not required. Although the built-in security mechanism of MySQL is very strict, listening to a TCP port is still dangerous, because if the MySQL program itself has problems, after unauthorized access, you can bypass the built-in security mechanism of MySQL. (You must be sure whether you really do not need to remotely connect to mysql)

Skip-networking

After modifying my. cnf, you also need to adjust the mysql user name, account, and default database.

First, log on to mysql and enter/home/mysql/bin/mysql-u root-p in the terminal window.

Then, you will be prompted to enter the correct password. after entering the correct password, the mysql> prompt will appear.

Enter the following command:

Mysql> use mysql;

Mysql> update user set user = "CentOS" where user = "root"; (change the root user name of mysql to centos to prevent brute force cracking of the root password)

Mysql> select Host, User, Password, Select_priv, Grant_priv from user;

Mysql> delete from user where user = "; (delete user)

Mysql> delete from user where password = "; (delete user)

Mysql> delete from user where host = "; (delete user)

Mysql> drop database test; (delete the default test database)

Mysql> flush privileges; (refresh the mysql cache to make the preceding settings take effect immediately)

Mysql> quit;

To make the preceding optimization and security settings take effect, restart the Mysql service or Linux.