Shulou(Shulou.com)05/31 Report--

This article mainly explains "how to achieve MySQL identity authentication". The content in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn how to achieve MySQL identity authentication.

I. MySQL database identity authentication evaluation items

There should be login failure handling function, and related measures such as ending the session, limiting the number of illegal logins and automatically exiting when the login connection times out should be configured and enabled.

When carrying out remote management, necessary measures should be taken to prevent authentication information from being eavesdropped during network transmission.

B) Let's start with b)

There should be login failure handling function, and related measures such as ending the session, limiting the number of illegal logins and automatically exiting when the login connection times out should be configured and enabled.

To put it bluntly, what this item says is the limit on the number of logins and the restrictions on logins that have not been operated for a long time. Let's do it in practice. MySQL's login failure handling function is somewhat similar to password complexity because it is also installed based on modules. Let's first follow the steps above in the preliminary evaluation book to see if we can get the results I want.

Mysql > Show variables like "max_connect_errors"; +-+-+ | Variable_name | Value | +-+-+ | max_connect_errors | 100 | +-+-+ 1 row in set (0.00 sec)

You can see whether this value is a little confused. I was confused when I first saw it. Why only one value with a maximum connection error was provided? here is a default value of 100 for the database. The official website of the database means that if the number of continuous connection requests from the host exceeds this number and the connection is not successful, the server will prevent the host from connecting further. You can unblock the blocked host by flushing the host cache. To do this, issue a FLUSH HOSTS statement or execute the mysqladmin FLUSH-HOSTS command. If a connection is successfully established with less than max_connect_errors attempts after the previous connection is interrupted, the host's error count will be cleared to zero. However, once the host is blocked, flushing the host cache is the only way to unblock it. The default value is 100.

So the question is, how should we judge this default value? I generally based on whether the size of the value reaches the security level. If the current value is 100, it is a bit large and can be partially matched. Because it's useful for the total violence to crack the behavior.

This method is that if you are rejected, then if you do not perform the operation, you will be rejected all the time and will not be automatically restored. Let's set up the login failure handling of the connection_control module, which can automatically resume login according to the time set by ourselves. Let's first see if there is this module.

No, let's set it up and add this module.

Install plugin connection_control soname "connection_control.so"

Enter the command directly to add. You can use show plugins; to check if there is any successful execution.

It's already shown, so let's take a look at the current default configuration of this module.

Mysql > show variables like'% connection_control%'

+-+ +

| | Variable_name | Value |

+-+ +

| | connection_control_failed_connections_threshold | 3 | |

| | connection_control_max_connection_delay | 2147483647 | |

| | connection_control_min_connection_delay | 1000 | |

+-+ +

3 rows in set (0.00 sec)

Output the password up to three times, and then every 1 second (here 1000 milliseconds), the interval is a little short. Let's add a 0 to the value.

Use the account to test it

Create a new account for testing.

Wait ten seconds before you can continue logging in.

Next, check the login connection timeout.

SHOW GLOBAL VARIABLES LIKE'% timeout%'

Here are some parameters for connection timeout, so I won't go into details here.

III. Identification item c)

When carrying out remote management, necessary measures should be taken to prevent authentication information from being eavesdropped during network transmission.

It means whether to encrypt the remote connection database, some tools are encrypted and some are transmitted in plaintext. To check the remote connection, first of all, check whether remote login is enabled.

Localhost only allows local logins. Check to see if the openssl connection is open.

It's already open. Here the openssl connection is an encrypted connection. Here you can record it according to the situation.

Thank you for your reading, the above is the content of "how to achieve MySQL identity authentication". After the study of this article, I believe you have a deeper understanding of how to achieve MySQL identity authentication, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.