This article describes how to strengthen the security of a MySQL server from several angles. (2004-03-04 20:29:37)

MySQL has become one of the most widely used databases on today's networks, especially in Web applications, where it holds an absolutely dominant position among small and medium-sized applications. This is the result of its being compact and easy to use, safe and effective, openly licensed and multi-platform, and above all of its perfect combination with PHP, one of the three major Web languages.

Unfortunately, a default MySQL installation is insecure: the root password is empty and program flaws lead to overflows, so servers that run MySQL are frequent targets of attack. More seriously, after an attack the database is often destroyed, with disastrous consequences. The sections below take up the battle to protect the data.

Environment requirements

1. System environment

A custom-installed Red Hat 9.0 server with GCC and a few other required packages, for instance Apache and PHP. The first thing to do after installing the system is to upgrade its software packages. Acting as a Web server, the system accepts requests for PHP scripts, and PHP in turn uses the MySQL database installed below as its point of contact for dynamic publishing.

The partitioning requirements are similar to those of an ordinary system. The only difference is that the /chroot directory built later and /tmp must be on the same partition.

2. Security requirements

(1) MySQL runs in an isolated (chroot) environment;
(2) the mysqld process runs as a dedicated user/user group; this user and group have no home directory and no shell, and cannot be used by other programs;
(3) change the MySQL root account and use a complex password;
(4) allow only local connections to MySQL; network connections are disabled when MySQL starts;
(5) ensure that logins by the nobody account that connects to MySQL are prohibited;
(6) delete the test database.

Installing MySQL

1. Preparation

Before installing MySQL, in line with the security requirements above, create a user and group that will be used to start MySQL.

#groupadd mysql
#useradd mysql -c "start mysqld's account" -d /dev/null -g mysql -s /sbin/nologin
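
A way to verify that the account just created meets security requirement (2), as an added example that is not part of the original article. The function name check_service_account and the sample passwd lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for the MySQL service account.
# Usage: check_service_account FILE USER [SHELL] [HOME]
# Prints one line per finding; returns 0 if compliant, 1 otherwise.
check_service_account() {
    file=$1; user=$2
    want_shell=${3:-/sbin/nologin}; want_home=${4:-/dev/null}
    # passwd fields: name:passwd:uid:gid:gecos:home:shell
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$file")
    if [ -z "$entry" ]; then
        echo "FAIL: account '$user' not found"
        return 1
    fi
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    rc=0
    if [ "$home" != "$want_home" ]; then
        echo "FAIL: home is '$home', expected '$want_home'"; rc=1
    fi
    if [ "$shell" != "$want_shell" ]; then
        echo "FAIL: shell is '$shell', expected '$want_shell'"; rc=1
    fi
    # A second account with the same uid would share the mysqld identity,
    # which breaks "cannot be used by other programs".
    dup=$(awk -F: -v id="$uid" -v u="$user" \
        '$3 == id && $1 != u { print $1 }' "$file")
    if [ -n "$dup" ]; then
        echo "FAIL: uid $uid is shared with: $dup"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: '$user' meets the service-account requirements"
    fi
    return "$rc"
}

# Constructed sample data (not taken from a real system).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mysql:x:501:501:start mysqld's account:/dev/null:/sbin/nologin
dbadmin:x:502:502:constructed weak example:/home/dbadmin:/bin/bash
EOF
check_service_account "$sample" mysql
check_service_account "$sample" dbadmin || true
```

On a live system, pass /etc/passwd as the first argument.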

2. Compiling and installing

Download the MySQL source package:

#wget Http:// . .l-4.0.16.tar.gz

Unpack it:

#tar -zxvf mysql-4.0.16.tar.gz

MySQL is normally installed under /usr/local/mysql; adjust this yourself if you have special requirements. It does not matter much, however, because after the chrooting done later only the client tools from this location are used, for instance mysql, mysqladmin and mysqldump. Compilation and installation begin below.
