Friday, January 28, 2011

Securing MySQL Resources?

Hi,

Being a newcomer to using and administering MySQL servers, I am looking for resources to get up to speed on the current situation of MySQL Security. Please share any resources you may know about, or experiences from which you have gained important knowledge in this area.

Thanks,
Chris

  • That is a very broad topic indeed.

    The first thing you should do is run: mysql_secure_installation

    You should come to understand the MySQL Privilege system: http://dev.mysql.com/doc/refman/5.0/en/privilege-system.html . Whenever possible you should grant only those privileges necessary for your application (i.e. it is not uncommon for people to just do a GRANT ALL PRIVILEGES which is almost always unnecessary).

    The book "High Performance MySQL" (Schwartz et al.) contains a chapter on Security and offers some best practices.

    In large part though the answer depends upon your particular application and the type of users it is exposed to. i.e. If it's a web application you might want to consider a DB Firewall like GreenSQL since SQL Injection is a popular attack vector.

    Cheers

    From Jason
  • You should read Hackproofing MySQL. If SQL Injection applies to your application, such as all web applications, then BY FAR the most dangerous privilege is FILE.

    Chrisc : Thanks Rook, I'll give it a read.
    From Rook
  • Remember to secure the file system too. Assuming you're installing on Linux:

    • Create a mysql user and don't allow interactive logon for the user
    • Change the ownership of all mysql files/directories to the mysql user
    • Remove read/write/execute privileges on mysql files/directories for all but the owner

    Also see http://dev.mysql.com/doc/refman/5.1/en/security-against-attack.html

    From Qwerky
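
The three file-system steps in the last answer (non-interactive account, ownership, owner-only permissions) can be checked without changing anything. The script below is an added example, not part of the original thread; its function names are hypothetical.

```sh
#!/bin/sh
# Added example: read-only audit of the three file-system steps above.
# Function names are hypothetical; nothing here modifies the system.

# is_noninteractive_shell SHELL: succeeds for the usual "no login" shells.
is_noninteractive_shell() {
    case "$1" in
        */nologin|*/false) return 0 ;;
        *) return 1 ;;
    esac
}

# account_shell USER: prints the login shell recorded for USER.
account_shell() {
    getent passwd "$1" | cut -d: -f7
}

# list_not_owned DIR OWNER: paths under DIR that OWNER does not own.
list_not_owned() {
    find "$1" ! -user "$2" -print
}

# list_too_open DIR: paths under DIR with any group/other permission bit.
# Symlinks are skipped because their own mode bits are not meaningful.
list_too_open() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# audit_mysql_files DIR OWNER: prints findings; returns 1 if any were found.
audit_mysql_files() {
    status=0
    bad_owner=$(list_not_owned "$1" "$2")
    bad_mode=$(list_too_open "$1")
    if [ -n "$bad_owner" ]; then
        printf 'Not owned by %s:\n%s\n' "$2" "$bad_owner"; status=1
    fi
    if [ -n "$bad_mode" ]; then
        printf 'Group/other access allowed:\n%s\n' "$bad_mode"; status=1
    fi
    return "$status"
}
```

Typical use, run as root: is_noninteractive_shell "$(account_shell mysql)" followed by audit_mysql_files /var/lib/mysql mysql, where /var/lib/mysql is an assumed data directory to replace with your own.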
