Shulou(Shulou.com)05/31 Report--

This article mainly shows you the "sample analysis of security settings in MySQL", which is easy to understand and clear. I hope it can help you solve your doubts. Let the editor lead you to study and learn the article "sample analysis of security settings in MySQL".

MySQL Security Settings

After the server starts, you can execute the

Mysql_secure_installation

Enter the original root password at this time (empty for the initial installation), and then, for security, MySQL will prompt you to reset the root password, remove other user accounts, disable root remote login, remove the test database, reload the privilege form, etc., just type y to continue.

Running mysql_secure_ installation executes several settings:

A) set the password for root users

B) Delete anonymous accounts

C) cancel remote login for root users

D) remove the test library and access to the test library

E) refresh the authorization table to make the changes effective

Bind IP

-- bind-address=IP

1. Modify root user password

Can be done through mysql_secure_installation

two。 Correct authorization

There are four permission tables in the mysql library, user, db, tables_priv and columns_priv, which correspond to the user's password, the user's permissions to the database, the permissions to the table, and the permissions to the columns.

When a user makes a request to MySQL, it will first verify host, user, password from the user table, and then verify db, tables_priv, and columns_priv in turn. During the verification process, if the corresponding permission in the db table is Y, the user's permissions to a library are all Y, and tables_priv and columns_priv will no longer be verified.

The security configuration related to account permissions in MySQL is summarized as follows:

Establish a separate account for each website

Home-specific database for each website

Fine-grained permission control in the order of user- > db- > tables_priv- > columns_pri

Configure a dedicated database for each user separately to ensure that all current user operations can only occur in their own database, and prevent hackers from accessing system tables through injection after SQL injection occurs.

3.MySQL network security configuration

Prohibit root users from logging in remotely

Firewall Settin

Changing the default port can prevent the port scanning tool from scanning to some extent

Limit the number of connections for a single user:

Max_user_connections 20

4. File permissions and file security

Start the MySQL service with a non-root user

Restrict the file permissions of the user who starts MySQL, while ensuring that the user has read and write permissions to the data files of MySQL

You can use chroot to change the root directory to prevent non-root users from accessing sensitive files, such as / etc/passwd

Do not grant process and super permissions to non-root users. The mysqladmin processlist and show processlist commands will see any commands executed by users, which may see update user set passoword= executed by other users. Command, supper permission to terminate the session, change system parameters, etc.

Do not use soft join on the table (--the skip-symbolic-links parameter is used to disable this function), the soft join of the table is only supported by MyISAM, because after opening the soft join of the table (especially for the MySQL service started by the system root user), MySQL users can use mysqld to delete and rename files other than the location where the data files are located.

If the plugin folder can be written by MySQL Server, then the user can use select. The into dumpfile command writes executable code into it, and security can be improved by setting the path corresponding to the plugin_dir parameter to read-only and adjusting the-- secure-file-priv parameter.

Do not grant read and write access to files to non-root users, and prevent the use of load data local infile to extract local files (such as information in / etc/passwd, which poses a threat to system security)

[mysqld]

Local-infile=0

5. If necessary, delete the ~ / .bash_history file to prevent reading history commands

# rm .bash _ history .mysql _ history

# ln-s / dev/null .bash _ history

# ln-s / dev/null. MySQL _ history

The above is all the content of the article "sample Analysis of Security Settings in MySQL". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.