MySQL Security OverviewWhen should you start to worry about MySQL security? When you start to use the MySQL server over an Internet connection. Why? Because that is when your MySQL server is going to be the most vulnerable to all kinds of attacks, such as alterations and denial of service.
print this article SEARCH DEV SHED |
The security issues that we will be discussing here will relate only to the MYSQL Server, but must be taken in the context of securing the entire server host against the above mentioned attacks and others. How does MYSQL Security Work? MYSQL security is based on the Access Control List (or ACL) for all connections, queries and many other operations that a user can perform. What does this mean? Well, it basically means that different users will have varying levels of access to certain databases and tables and that they will be limited to performing only certain operations. For example, a user with full privileges to a database will be able to perform a range of operations such as SELECT, DELETE, UPDATE and INSERT, while a user with limited privileges would only be able to use the SELECT operation and so on. General Guidelines for MYSQL Security On the machine running MYSQL, go into the bin directory where mysql is installed. For example if the installation directory is "c:mysql" then go into the "c:mysqlbin" directory and type the following: Mysql -u root Now press enter. If you get a "Welcome to MYSQL server " message, then it means that you have successfully connected to the server WITHOUT being asked for a password. This means that anyone can access your MYSQL server as the "root" user. This status gives this user complete control over your MYSQL server. Now, I don't have to tell you what it would mean if a hacker should gain this kind of access when you are hosting databases for companies. It is THE ultimate nightmare situation for a Database Administrator. So to avoid this scenario:
blog comments powered by Disqus |
/ 23 
Oracle Announces New MySQL Specialization
