Security in MySQL (PDF)

When thinking about security within MySQL you should consider a wide range of possible topics and how they might affect the security of your MySQL server and related applications.

All of the following are issues that you should be aware of:

    • Security of the installation itself. The data files, log files, and all the application files of your installation should be protected to ensure that they are not readable or writable by unauthorized parties. For more information, see Chapter 2, Post-Installation Setup and Testing.

    • Access control and security within the database system itself, including the users granted access to the databases, and the views and stored programs in use within the database. For more information, see Chapter 3, The MySQL Access Privilege System, and Chapter 4, MySQL User Account Management.

    • Network security of MySQL and your system. Network security is related to the grants for individual users, but you may also wish to restrict MySQL so that it is only available locally, or to a limited set of hosts.

    • Security of your application, to ensure that SQL injection and other corruption of the data do not occur. See Chapter 1, General Security Issues.

    • Ensure that you have adequate and appropriate backups of your database files, configuration files, and log files. Also be sure that you have a recovery solution in place, and test that you are able to successfully recover the information from your backups.
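The application-security point above (SQL injection) is easiest to see with the query itself. The following is an added example, not part of this page or of the MySQL manual: it builds a statement inside MySQL with dynamic SQL, the same mistake an application makes when it concatenates user input into a query string, and then runs the same lookup as a server-side prepared statement with a parameter. The `demo` database, the `users` table, its rows and the hostile input are all constructed for this example.

```sql
-- Added example (not from the MySQL manual). Table and data are constructed.
CREATE DATABASE IF NOT EXISTS demo;
USE demo;
CREATE TABLE users (id INT PRIMARY KEY, name VARCHAR(50), email VARCHAR(100));
INSERT INTO users VALUES (1, 'alice', 'alice@example.com'),
                         (2, 'bob',   'bob@example.com');

-- Constructed hostile input: an embedded quote closes the string literal so the
-- rest of the input is read as SQL, not as part of the value.
-- (Doubled quotes are MySQL's escaping; the stored value is  nobody' OR '1'='1  )
SET @input = 'nobody'' OR ''1''=''1';

-- VULNERABLE PATTERN: the statement text is assembled by string concatenation,
-- so the input becomes part of the statement. This returns every row.
SET @sql = CONCAT('SELECT id, name, email FROM users WHERE name = ''', @input, '''');
SELECT @sql AS statement_as_executed;   -- shows the altered query text
PREPARE stmt_bad FROM @sql;
EXECUTE stmt_bad;
DEALLOCATE PREPARE stmt_bad;

-- HARDENED PATTERN: the statement text is fixed and the value travels separately
-- as a parameter, so the same input is compared literally as a name. Returns no rows.
PREPARE stmt_ok FROM 'SELECT id, name, email FROM users WHERE name = ?';
EXECUTE stmt_ok USING @input;
DEALLOCATE PREPARE stmt_ok;

-- Defence in depth: run the application under an account holding only the
-- privileges its queries need, so a concatenation that slips through elsewhere
-- cannot read or alter more than that account is allowed to.
```

The same distinction applies in any client language: a parameterized or prepared query sends the statement and the values separately, so the database never parses user input as SQL; building the statement text with string concatenation does the opposite, regardless of how carefully the quotes are escaped.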

General Security Issues
This section describes some general security issues to be aware of and what you can do to make your MySQL installation more secure against attack or misuse. For information specifically about the access control system that MySQL uses for setting up user accounts and checking database access, see Chapter 3, The MySQL Access Privilege System.

For answers to some questions that are often asked about MySQL Server security issues, see MySQL 6.0 FAQ — Security.

Post-Installation Setup and Testing
After installing MySQL, there are some issues that you should address. For example, on Unix, you should initialize the data directory and create the MySQL grant tables. On all platforms, an important security concern is that the initial accounts in the grant tables have no passwords. You should assign passwords to prevent unauthorized access to the MySQL server. Optionally, you can create time zone tables to enable recognition of named time zones.

The following sections include post-installation procedures that are specific to Windows systems and to Unix systems. Another section, Section 2.2.3, “Starting and Troubleshooting the MySQL Server”, applies to all platforms; it describes what to do if you have trouble getting the server to start. Section 2.3, “Securing the Initial MySQL Accounts”, also applies to all platforms. You should follow its instructions to make sure that you have properly protected your MySQL accounts by assigning passwords to them.

When you are ready to create additional user accounts, you can find information on the MySQL access control system and account management in Chapter 3, The MySQL Access Privilege System, and Chapter 4, MySQL User Account Management.
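The check a practitioner wants right after installation is the one described above: which accounts exist, which of them have no password, and whether anonymous accounts are present. The following is an added example, not code from this page or from the MySQL manual. It assumes the grant-table layout of MySQL 5.x/6.0, where `mysql.user` has a `Password` column and passwords are set with `SET PASSWORD ... = PASSWORD()`; the MySQL 5.7+/8.0 equivalents are noted in comments. `host_name` and the `CHANGE_ME_` passwords are placeholders.

```sql
-- Added example (not from the MySQL manual). Run as root right after installation.

-- 1. List every account and flag the ones that have no password set.
SELECT User, Host,
       CASE WHEN Password = '' THEN 'NO PASSWORD' ELSE 'ok' END AS status
FROM mysql.user
ORDER BY User, Host;
-- MySQL 5.7+/8.0: the column is authentication_string instead of Password.

-- 2. Anonymous accounts (User = '') let anyone connect without a user name.
--    Drop them; host_name is a placeholder for the server's own host name.
SELECT User, Host FROM mysql.user WHERE User = '';
DROP USER ''@'localhost';
DROP USER ''@'host_name';

-- 3. Give every root account a password (replace the placeholder with a strong one).
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('CHANGE_ME_strong_password');
SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('CHANGE_ME_strong_password');
SET PASSWORD FOR 'root'@'host_name' = PASSWORD('CHANGE_ME_strong_password');
-- MySQL 5.7+/8.0 equivalent:
-- ALTER USER 'root'@'localhost' IDENTIFIED BY 'CHANGE_ME_strong_password';

-- 4. A root account reachable from any host ('%') widens the exposure of the
--    server to the whole network; if one exists, remove it rather than keep it.
SELECT User, Host FROM mysql.user WHERE User = 'root' AND Host = '%';
DROP USER 'root'@'%';   -- only if the query above returned a row

-- 5. Re-run the audit. The expected result is an empty set: no anonymous
--    accounts and no account without a password.
SELECT User, Host FROM mysql.user WHERE User = '' OR Password = '';
```

`DROP USER` and `SET PASSWORD` take effect immediately; `FLUSH PRIVILEGES` is only needed when the grant tables are modified directly with `INSERT` or `UPDATE`, which is also why the statements above are preferable to editing `mysql.user` by hand.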

The MySQL Access Privilege System
The primary function of the MySQL privilege system is to authenticate a user who connects from a given host and to associate that user with privileges on a database such as SELECT, INSERT, UPDATE, and DELETE. Additional functionality includes the ability to have anonymous users and to grant privileges for MySQL-specific functions such as LOAD DATA INFILE and administrative operations.

MySQL User Account Management
A MySQL account is defined in terms of a user name and the client host or hosts from which the user can connect to the server. The account also has a password. There are several distinctions between the way user names and passwords are used by MySQL and the way they are used by your operating system.
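Both the privilege section and the account section above turn on the same two facts: an account is the pair of user name and host, and privileges are granted per account and per object. The following is an added example, not code from this page or from the MySQL manual, that puts them together for a hypothetical application database `shop`; the account names, host patterns, table and passwords are all placeholders constructed for the example. It also shows the host restriction mentioned under network security, since the host part of the account is where that restriction is expressed.

```sql
-- Added example (not from the MySQL manual). All names and values are placeholders.
CREATE DATABASE IF NOT EXISTS shop;
CREATE TABLE IF NOT EXISTS shop.orders (
  order_id   INT PRIMARY KEY,
  order_date DATE,
  total      DECIMAL(10,2),
  card_last4 CHAR(4)            -- a column the reporting account must never see
);

-- An account is user@host. 'shop_app'@'10.0.1.%' can connect only from the
-- 10.0.1.0/24 application subnet; the same user name from any other host is a
-- different account that does not exist and is refused.
CREATE USER 'shop_app'@'10.0.1.%'    IDENTIFIED BY 'CHANGE_ME_app_password';
CREATE USER 'shop_report'@'10.0.2.7' IDENTIFIED BY 'CHANGE_ME_report_password';

-- The application gets only the DML it needs, scoped to one database, with no
-- GRANT OPTION and no global privileges such as FILE (which would allow
-- LOAD DATA INFILE and SELECT ... INTO OUTFILE on the server host).
GRANT SELECT, INSERT, UPDATE, DELETE ON shop.* TO 'shop_app'@'10.0.1.%';

-- The reporting account is read-only and sees a view rather than the base
-- table, so the column it must not read is never exposed to it at all.
CREATE VIEW shop.order_totals AS
  SELECT order_id, order_date, total FROM shop.orders;
GRANT SELECT ON shop.order_totals TO 'shop_report'@'10.0.2.7';

-- Verify: each account's grants should list nothing beyond the statements above.
SHOW GRANTS FOR 'shop_app'@'10.0.1.%';
SHOW GRANTS FOR 'shop_report'@'10.0.2.7';

-- REVOKE is the counterpart to GRANT; remove a privilege that turns out to be unneeded.
REVOKE DELETE ON shop.* FROM 'shop_app'@'10.0.1.%';

-- Periodic check: accounts holding the global privileges that matter most.
SELECT User, Host
FROM mysql.user
WHERE Super_priv = 'Y' OR File_priv = 'Y' OR Grant_priv = 'Y';
```

The host part deserves as much care as the privilege list: a wildcard host such as `'%'` makes the account reachable from anywhere the server is listening, while a specific address or subnet pattern limits where a stolen password can be used from.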

Backup and Recovery
It is important to back up your databases in case problems occur so that you can recover your data and be up and running again. MySQL offers a variety of backup strategies from which you can select whatever methods best suit the requirements for your installation.

Questions

• 7.1: Does MySQL 6.0 have built-in authentication against LDAP directories?
• 7.2: Where can I find documentation that addresses security issues for MySQL?
• 7.3: Does MySQL 6.0 include support for Role-Based Access Control (RBAC)?
• 7.4: Is SSL support built into MySQL binaries, or must I recompile the binary myself to enable it?
• 7.5: Does MySQL 6.0 have native support for SSL?
