The following article mainly introduces the summary of MySQL security configuration. The reason why MySQL security configuration can be widely used in a short period of time is also because of its unique functions. MySQL kernel MySQL Security Configuration configuration User Authentication Module password restoration Stored Procedure write database index Content Abstract: because MySQL is a multi-platform database, its
The following article mainly introduces the summary of MySQL security configuration. The reason why MySQL security configuration can be widely used in a short period of time is also because of its unique functions. MySQL kernel MySQL Security Configuration configuration User Authentication Module password restoration Stored Procedure write database index Content Abstract: because MySQL is a multi-platform database, its
The following article mainly introduces the summary of MySQL security configuration. The reason why MySQL security configuration can be widely used in a short period of time is also because of its unique functions. MySQL kernel MySQL Security Configuration configuration User Authentication Module password restoration Stored Procedure writing database index
Summary:
Because MySQL is a multi-platform database, its default configuration should be considered to be applicable in various circumstances, so further security reinforcement should be carried out in our own use environment. As a MySQL System Administrator, we have the responsibility to maintain the data security and integrity of the MySQL database system.
1. Preface
MySQL is a fully networked cross-platform relational database system and a distributed database management system with a client/server architecture. It has the advantages of strong functions, ease of use, convenient management, fast operation speed, strong security and reliability. Users can use many languages to write programs that access the MySQL database, especially PHP, it is widely used.
Because MySQL is a multi-platform database, its default MySQL security configuration should be applicable under various circumstances, so we should perform further security reinforcement in our own use environment. As a MySQL System Administrator, we have the responsibility to maintain the data security and integrity of the MySQL database system.
MySQL Security Configuration must begin with two aspects: internal system security and external network security. In addition, we will also briefly introduce some precautions and tips for programming.
2. Internal System Security
First, we will briefly introduce the directory structure of the MySQL database. After MySQL is installed and the mysql_db_install script is run, the data directory and database initialization will be established. If we use the MySQL source code package and the installation directory is/usr/local/mysql, the data directory is usually/usr/local/mysql/var.
The database system is composed of a series of databases, each containing a series of database tables. MySQL creates a database directory in the data directory with the database name. Each database table uses the database table name as the file name, put the three files with the extension MYD, MYI, and frm in the database directory.
The MySQL authorization table provides flexible permission Control for database access. However, if a local user has the permission to read database files, attackers only need to package and copy the database directories, copy it to the data directory of your local machine to access the stolen database. Therefore, the security of the MySQL host is the top priority. If the host is insecure and controlled by attackers, the security of MySQL cannot be discussed. The second is the security of data directories and data files, that is, permission settings.
From the perspective of some old binary distributions on the MySQL main site, the attribute of the data directory in version 3.21.xx is 775, which is very dangerous. Any local user can read the data directory, therefore, database files are insecure. In version 3.22.xx, the attribute of the data directory is 770, which is also dangerous. Local Users in the same group can both read and write data, so data files are not secure.
The attribute of the Data Directory of 3.23.xx is 700, which is better. Only the user who starts the database can read and write the database files, ensuring the security of local data files.
The above content is an introduction to MySQL security configuration. I hope you will get some benefits.