Home arrow MySQL arrow Page 2 - MySQL Security Overview

Passwords - MySQL

When should you start to worry about MySQL security? When you start to use the MySQL server over an Internet connection. Why? Because that is when your MySQL server is going to be the most vulnerable to all kinds of attacks, such as alterations and denial of service.

TABLE OF CONTENTS:
  1. MySQL Security Overview
  2. Passwords
  3. Data transmission
  4. Testing Web Forms
By: Leidago
Rating: starstarstarstarstar / 23
November 27, 2006

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

When storing passwords in your database, take care not to store your passwords in plain text. If your system becomes compromised, the intruder will have a field day with your list of passwords. Encrypt them with MD5() or SHA1() or any other one way hash function, to make it hard for any intruder to get any passwords they can do anything with.

Also, make sure that you combine numbers and letters when generating a password. There are sophisticated password crackers being developed as we speak and although any password that you create can eventually be broken, you can make it difficult for intruders to do so by just making this small effort. Another method of creating memorable but difficult passwords is to think of a sentence such as "Mary had a little lamb" and take the first letter of each word in the sentence. This will give you something like this: "mhall." You can then add a memorable number to the word, and to make this even more difficult you can capitalize some of the letters. Arrange the numbers around the letters, so that it is easy to remember, but difficult to guess for someone who does not know the password.

Firewalls

You are probably sick of hearing this, but proper firewall protection is absolutely essential if you have an Internet connection. It will help keep a significant number of exploits and other attacks off your system and therefore away from your MySQL installation. So if at all possible try to install a firewall and make sure to put MySQL behind it.

Also most attacks are made possible by a port being open. A firewall blocks this kind of access, if configured to do so. After installing a firewall you can test whether the port at which MySQL listens is open or closed. You can do this with a program like Telnet. Just type:

telnet mysql 3306

If you get a reply with garbage, then the port is open and should be closed. If you do not get any reply, then the port is closed, which is what we want.



 
 
>>> More MySQL Articles          >>> More By Leidago
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

MYSQL ARTICLES

- Oracle Unveils MySQL 5.6
- MySQL Vulnerabilities Threaten Databases
- MySQL Cloud Options Expand with Google Cloud...
- MySQL 5.6 Prepped to Handle Demanding Web Use
- ScaleBase Service Virtualizes MySQL Databases
- Oracle Unveils MySQL Conversion Tools
- Akiban Opens Database Software for MySQL Use...
- Oracle Fixes MySQL Bug
- MySQL Databases Vulnerable to Password Hack
- MySQL: Overview of the ALTER TABLE Statement
- MySQL: How to Use the GRANT Statement
- MySQL: Creating, Listing, and Removing Datab...
- MySQL: Create, Show, and Describe Database T...
- MySQL Data and Table Types
- McAfee Releases Audit Plugin for MySQL Users

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: