Shulou(Shulou.com)05/31 Report--

This article introduces you how to protect important data in MySQL. The content is very detailed. Interested friends can use it for reference. I hope it will be helpful to you.

◆ removes wildcards from the authorization table

The MySQL access control system runs through a series of so-called authorization tables to define user access rights at the database, table, or column level. But these forms allow administrators to set a package of licenses for a user, or a set of forms that apply wildcards. This is potentially dangerous because hackers may use a restricted account to access other parts of the system. For this reason, be careful when setting user privileges to always ensure that users can only access what they need. Be especially careful when setting super privileges for individual users, as this level allows ordinary users to modify the basic configuration of the server and access the entire database.

Recommendation: apply the display privilege command to each user account to review the authorization table to see if it is appropriate to apply wildcard permissions.

◆ requires a secure password

The security of user accounts is closely related to the passwords used to protect them. Therefore, the first thing you should do when installing MySQL is to set the password for the MySQL root account (the default is empty). After fixing this, you should then ask each user account to use a password, and do not use easily recognizable heuristic passwords such as birthdays, usernames, or words in the dictionary.

Recommendation: apply the MySQL- Security-Authorization option to avoid using the old, insecure MySQL password format.

◆ check profile license

In general, to make server connections faster and easier, individual users and server administrators must store their user account passwords in a single-user MySQL options file. However, this password is stored in a file in plain text and can be easily looked up. Therefore, you must ensure that such a single-user profile is not consulted by other users in the system and that it is stored in a non-public location. Ideally, you want the single user profile to be saved in the user's root directory with a license of 0600.

◆ encrypts data transfer between client and server:

One of the important issues of MySQL (and other) client and server architecture is the security of data transmission over the network. If the interaction between the client and the server takes place in plain text, the hacker may "sniff" the transmitted packet and obtain confidential information. You can close this vulnerability by activating SSL in the MySQL configuration, or by applying a security application such as OpenSSH to establish a secure encrypted "channel" for transmitted data. Encrypting the connection between the client and the server in this form makes it extremely difficult for unauthorized users to access the data they travel to and from.

◆ prohibits remote access

If users do not need remote access to the server, you can force all MySQL connections through UNIX slot files, greatly reducing the risk of network attacks. This can be done by skipping the network option to start the server. This prevents the TCP/IP network from connecting to the MySQL, ensuring that no user can connect to the system remotely.

Recommendation: this feature can be enhanced by adding a bundled address 127.0.0.1 instruction to the MySQL server configuration, forcing MySQL to bundle the IP address of the local machine to ensure that only users on the same system can connect to the MySQL.

◆ actively monitors MySQL access records

There are many different log files in MySQL that record customer connections, queries, and server errors. Among them, the most important is the general query log, which uses a time tag to record the connection and outage time of each customer, and records each query executed by the customer. If you suspect that unusual behavior, such as a network intrusion, has occurred, it is a good idea to monitor this log to understand the source of the behavior.

On how to protect important data in MySQL to share here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.