Home arrow MySQL arrow MySQL Security Overview

MySQL Security Overview

When should you start to worry about MySQL security? When you start to use the MySQL server over an Internet connection. Why? Because that is when your MySQL server is going to be the most vulnerable to all kinds of attacks, such as alterations and denial of service.

TABLE OF CONTENTS:
  1. MySQL Security Overview
  2. Passwords
  3. Data transmission
  4. Testing Web Forms
By: Leidago
Poor Best
Rating: starstarstarstarstar / 23
November 27, 2006

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

The security issues that we will be discussing here will relate only to the MYSQL Server, but must be taken in the context of securing the entire server host against the above mentioned attacks and others.

How does MYSQL Security Work?

MYSQL security is based on the Access Control List (or ACL) for all connections, queries and many other operations that a user can perform. What does this mean? Well, it basically means that different users will have varying levels of access to certain databases and tables and that they will be limited to performing only certain operations. For example, a user with full privileges to a database will be able to perform a range of operations such as SELECT, DELETE, UPDATE and INSERT, while a user with limited privileges would only be able to use the SELECT operation and so on.

General Guidelines for MYSQL Security

On the machine running MYSQL, go into the bin directory where mysql is installed. For example if the installation directory is "c:mysql" then go into the "c:mysqlbin" directory and type the following:

Mysql -u root

Now press enter. If you get a "Welcome to MYSQL server " message, then it means that you have successfully connected to the server WITHOUT being asked for a password. This means that anyone can access your MYSQL server as the "root" user. This status gives this user complete control over your MYSQL server. Now, I don't have to tell you what it would mean if a hacker should gain this kind of access when you are hosting databases for companies. It is THE ultimate nightmare situation for a Database Administrator.

So to avoid this scenario:

  • Check your MYSQL installation manual for setting a password for your root account. It is absolutely critical that you do this if you are going to use MYSQL over the Internet.
  • Make sure that you understand the MYSQL access privilege system. Use the GRANT and REVOKE statements to control access to your MYSQL server.
  • Use the SHOW GRANT statement to check who has access to what. And use the REVOKE statement to remove those privileges that you deem not necessary.



 
 
>>> More MySQL Articles          >>> More By Leidago
 

blog comments powered by Disqus
   

MYSQL ARTICLES

- Oracle Unveils MySQL 5.6
- MySQL Vulnerabilities Threaten Databases
- MySQL Cloud Options Expand with Google Cloud...
- MySQL 5.6 Prepped to Handle Demanding Web Use
- ScaleBase Service Virtualizes MySQL Databases
- Oracle Unveils MySQL Conversion Tools
- Akiban Opens Database Software for MySQL Use...
- Oracle Fixes MySQL Bug
- MySQL Databases Vulnerable to Password Hack
- MySQL: Overview of the ALTER TABLE Statement
- MySQL: How to Use the GRANT Statement
- MySQL: Creating, Listing, and Removing Datab...
- MySQL: Create, Show, and Describe Database T...
- MySQL Data and Table Types
- McAfee Releases Audit Plugin for MySQL Users
Find More MySQL Articles

Developer Shed Affiliates

 

© 2003-2013 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap

Dev Shed Tutorial Topics: