Shulou(Shulou.com)05/31 Report--

This article will explain in detail how to access the internal security data directory in MySQL. The content of the article is of high quality, so the editor shares it for you as a reference. I hope you will have some understanding of the relevant knowledge after reading this article.

Why does ◆ say that security is important and which attacks should be guarded against?

◆ what risks (internal security) do you face from users in the server host and what can you do?

◆ what risks (external security) will you face from clients connected to the server on the network, and what can you do?

It is the responsibility of the MySQL administrator to secure the contents of the database so that records can only be accessed by strictly authenticated users. This includes internal security and external security.

Internal security is concerned with file system-level issues, such as protecting MySQL data directories from users who have a machine account running the server. However, if the file permissions for the contents of the data directory are too arbitrary, and someone can simply replace the files corresponding to these tables, internal security does not ensure that proper control over the authorization tables accessed by clients on the network is established.

External security is concerned with the problem of clients connecting from the outside, such as protecting the MySQL server from attacks on database content access through connection requests coming in through the network. To create MySQL authorization tables, they do not allow access to the database managed by the server (unless a valid name and password are provided).

This article provides guidance on issues that should be understood and explains how to prevent unauthenticated access at the internal and external levels.

The MySQL server provides a flexible permission system implemented through the authorization table in the MySQL database. You can set the contents of these tables to allow or deny database access to the client. This provides security for unauthenticated network access data. However, if other users on the server host have direct access to the contents of the data directory, good security will not be established for the network that accesses the data. Unless you know that you are the only person who has registered on the machine running the MySQL server, you need to be concerned about the possibility that other users on that machine will gain access to the data directory.

Here is what you want to protect:

Database files: you obviously want to maintain the confidentiality of the database maintained by the server. The owner of a database usually considers the exclusivity of the database content. Even if they do not consider it, at most it is to make the contents of the database public, and will not cause those contents to be disclosed because of the low security of the database directory.

Log files general and update logs must be secure because they contain query text. This is at stake because anyone with log file access can monitor the transactions that occur in the database.

A more specific security problem with log files is that queries such as GRANT and SET PASSWORD are recorded in the log. The general and update log files contain sensitive query text, including passwords (MySQL uses password encryption, but this only applies to connection establishment after the password is set. The process of setting the password is included in queries such as GRANT, INSERT, or SET PASSWORD, but these queries are recorded in plain text. If an attacker has read access to the log, he only needs to run grep on words like GRANT or PASSWORD in the log to find sensitive information

Obviously, you don't want other users on the server host to have write access to the data catalog file, because that way they can trample on the status file or database table. But reading interviews are also dangerous. If the table file is readable, it is trivial to steal the file and make MySQL itself display the contents of the table in plain text. You can follow the following steps:

1) install your MySQL server on the server host, but use different ports, sockets, and data files than the formal server.

2) run MySQL_install_db to initialize your data directory. This will allow you to access the server as a root user of MySQL, so you will have complete control over the server access mechanism. It also sets up a test database.

3) copy the corresponding files of the table you want to steal to the test subdirectory under the server data directory.

4) start the crime server. You can access these tables at will. SHOW TABLES FROM test will show that you have a backup of the stolen tables, and SELECT * will show the full contents of any of these tables.

5) if worse, turn on the permission of the server's anonymous user account so that anyone can connect to the server from anywhere to access your test database. Now, you have released these stolen tables to the world.

On how to access the internal security data directory in MySQL to share here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.