Six measures to secure MySQL sensitive data

If your current database is MySQL, there are a number of simple ways to help you secure your system and significantly reduce the risk of unauthorized access to your sensitive data.

The most valuable asset in a technology based enterprise is usually the product information in the customer or its database. Therefore, in such enterprises, to ensure that the database is protected from external attacks and to prevent software and hardware failures is an important part of database management.

In most cases, hardware and software failures are handled through a database backup scenario. Most databases are equipped with built-in tools to automate the process so that backup tasks do not require much effort or error. However, the problem of data security is not so easy to solve. To secure sensitive data, you must ensure that external hackers cannot hack the system or steal or destroy the information contained in the database. In fact, there is no automated way to solve this problem; instead, to ensure enterprise data security, database administrators have to have the actual manual set up some kind of barrier that can prevent potential hacker intrusion.

Many database administrators do not implement any database protection measures, simply because they are "tricky" and Too "complex". Although the situation is indeed as they are described, if you use MySQL, you simply need to use some simple methods to significantly reduce the risks you face. This article lists six of these precautions, but you can also find more similar methods in the MySQL instruction manual and related forums.

Step one: Eliminate wildcard characters from authorization tables

MySQL's access control system operates through a series of so-called authorization tables that enable us to define the level of access for each user at the database, table, and column levels. These tables also make it dangerous for an administrator to grant a user universal license (that is, always allowed) or grant a table a wildcard, because it is possible for a hacker to use a stolen account to gain access to other parts of the system. Therefore, be careful when assigning user rights, be accurate, and always make sure that the user has access rights that are sufficient for them to complete the task. Also beware of assigning super privileges to individual users because this level of permissions allows the user to manipulate the basic server configuration and access all databases.

Tip: Use the show privileges command to display the permissions of each user account so that you can audit your authorization form and check that the wildcard usage permissions are appropriate.

Step two: Use a secure password

The user account can be secured only if the password is used. So the first thing to do when you install MySQL is to set a password for the root account of MySQL (the password is blank by default). When you plug in the big hole, the next step is to ask each user account to set up his or her own password, and make sure that it doesn't use a password that is easily identified with heuristic information, such as birthdays, user name letters, and so on.

Tip: Enable the MySQL--secure-auth option to prevent users from using any old-fashioned, less secure MySQL password format.

Step Three: Check the permissions for the configuration file

In many cases, to make the server connection more convenient, both individual users and server administrators store their user account passwords in the MySQL per-user option file. However, the password is stored in plain text in this file and can easily be read. Therefore, it is important to ensure that other users of the system are not able to view such profiles as Per-user and store them in non-public areas. It is best to store the Per-user configuration file in the private home directory of the user account and set the permissions to 0600 (read and write only by the root user).