How to analyze the Web Security of MySQL Database

2025-01-16 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com) 05/31

This article shows how to analyze the Web security of a MySQL database.

Data security is a very important part of Internet security, and once something goes wrong with the data, the damage is irreversible, even catastrophic.

Some protective measures were already covered in previous blog posts, so I won't repeat them here: for example, control through the firewall, through system users, through the Web application, and so on.

What I want to say is that no node exists alone.

Scenario

1. Ensure the security of the application itself.

2. Control the access rights of system users to the database.

3. Control the access rights of database users to the database.

4. Ensure the security of sensitive data in the database.

5. Ensure the integrity of the whole data in the database.

6. Standardize the daily operation and maintenance.

7. Reasonable division of business.

Solution

Application security

Delete default databases and users

After MySQL is initialized, empty (anonymous) users and a test database are generated automatically. These pose a threat to the database, so we delete them all.

mysql> drop database test;
mysql> use mysql;
mysql> delete from db;
mysql> delete from user where not (host="localhost" and user="root");
mysql> flush privileges;

Prohibit the database from loading content directly from local files

In some cases, the LOCAL INFILE command can be used to access other files on the operating system, such as /etc/passwd, using the following command:

mysql> LOAD DATA LOCAL INFILE '/etc/passwd' INTO TABLE table1;
# the easier way is:
mysql> SELECT load_file("/etc/passwd");

To disable the LOCAL INFILE command, add the following parameter to the [mysqld] section of the MySQL configuration file:

local-infile=0   # the older set-variable=local-infile=0 form was removed in MySQL 5.5

Control the permissions of the user

The user here refers to the user in the database.

Control which IPs can access

Only trusted IPs are allowed access; all other IPs should be denied.

For example, allow access only from the office network and from the network of the corresponding business servers.

Distinguish roles

Distinguish roles and give each one different permissions. The division of roles needs to be based on the specific usage scenarios.

The following is a simple example:

1. Role: view. Permissions: only data queries are allowed; no modifications are allowed. Scenario: verifying business correctness.

2. Role: update. Permissions: data modification is allowed, but data structure modification is not allowed. Scenario: the running program.

3. Role: operate. Permissions: modifying the table structure and adding and modifying tables are allowed; deleting tables and deleting databases are not allowed. Scenario: used only when the product is released, to execute the upgrade SQL.

4. ...

Encrypt sensitive information

Use algorithms such as md5 or sha to encrypt sensitive fields, for example login passwords and payment passwords. In this way, even if data is lost, the loss can be reduced.

Ensure the integrity of the data

1. Eliminate single points of failure: master-slave, master-master.

2. Backup and restore are needed.

Standardize daily operation

1. If there are no special needs, use the least-privileged user. For example, use only the view user.

2. If you need to modify the data or structure, consider having two people do it together. Alternatively, consider turning the operation into a function, to reduce the number of people directly manipulating the database.

3. Confirm that the change works in the test environment before executing it in the production environment.

Division of business

Use the database less

Content can be made static through caching. Use the database as little as possible. Not using the database at all is the safest.

Split databases and tables

Isolate sensitive data from commonly used data in the table design. For example, the details of the user are separated from the payment information.

Optimize SQL

This is also very important. Often, because SQL optimization is not taken seriously, the database server's resources are exhausted and it can no longer provide service.

Verification method

Determine whether there are corresponding permissions through different account operations.
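
The role split, the IP restriction and this verification step, sketched as MySQL statements. This is an added example, not code from the original article; the database appdb, the table orders, the account names, the subnets and the password placeholders are all assumptions.

```sql
-- Added example. 192.0.2.0/24 stands in for the office network and
-- 198.51.100.0/24 for the business servers (both constructed values).

-- Role "view": queries only, reachable from the office network.
CREATE USER 'app_view'@'192.0.2.%' IDENTIFIED BY 'PLACEHOLDER_PASSWORD_1';
GRANT SELECT ON appdb.* TO 'app_view'@'192.0.2.%';

-- Role "update": data changes but no structure changes, business servers only.
CREATE USER 'app_update'@'198.51.100.%' IDENTIFIED BY 'PLACEHOLDER_PASSWORD_2';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.*
  TO 'app_update'@'198.51.100.%';

-- Role "operate": may add and alter tables for a release.
-- DROP is deliberately not granted, so tables and databases cannot be deleted.
CREATE USER 'app_operate'@'192.0.2.%' IDENTIFIED BY 'PLACEHOLDER_PASSWORD_3';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX ON appdb.*
  TO 'app_operate'@'192.0.2.%';

-- Verification 1: the stored grants match the intended role.
SHOW GRANTS FOR 'app_view'@'192.0.2.%';
SHOW GRANTS FOR 'app_update'@'198.51.100.%';
SHOW GRANTS FOR 'app_operate'@'192.0.2.%';

-- Verification 2: no anonymous account and no account open to every host.
-- Any row returned needs review.
SELECT user, host FROM mysql.user WHERE user = '' OR host = '%';

-- Verification 3: no database-level grant carries DROP.
SELECT user, host, db FROM mysql.db WHERE Drop_priv = 'Y';

-- Verification 4: negative tests. Run each statement while connected
-- as the named account, from an allowed address; each must be rejected.
-- as app_view:
UPDATE appdb.orders SET status = 'checked' WHERE id = 1;
-- as app_update:
ALTER TABLE appdb.orders ADD COLUMN note VARCHAR(64);
-- as app_operate:
DROP TABLE appdb.orders;
```

A connection attempt with any of these accounts from an address outside its subnet should also be refused, which checks the IP restriction.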
