Home arrow MySQL arrow MySQL Security Tips

MySQL Security Tips

If you are a web developer or administrator, aside from administering your web server, you should also be administering your MySQL database in terms of security. This database is open source and is commonly used with the PHP web server scripting language; tons of useful applications are being developed with this kind of setup. This is good, but it opens up issues, which we'll discuss here along with their solutions.

TABLE OF CONTENTS:
  1. MySQL Security Tips
  2. Open port in your MySQL server
  3. Weak MySQL password administration
  4. Properly assigned privileges
By: Codex-M
Rating: starstarstarstarstar / 5
November 05, 2009

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

Because of its immense popularity, MySQL is also a regular target for malicious users or hackers wanting to exploit your system and steal data. This type of exploit can be serious; it can include putting malicious software on your web server and using the website to host malware.

To avoid letting your database be compromised, this article outlines useful tips which every webmaster should be implementing to maximize database security. These tips come from experience, and from the MySQL developers themselves.

We will outline possible security issues with using MySQL and then propose feasible corrective actions.

Network eavesdropping to compromise connection

This is particularly true if you belong to an untrusted network. Someone may have the time to sniff your connection to the MySQL server and compromise the connections.

The default connection to the MySQL server is not encrypted (for most hosting companies), which could be a problem if you are sending sensitive data to the MySQL server.

To correct this problem, encrypt the connection or session to the MySQL server. You have two options when encrypting data, SSH or SSL.

SSH is short for "secure shell." If you prefer to work with a command line rather than a GUI, then you'll find that using SSH is great for encrypting the packets going in and out of the MySQL server.

SSL stands for "secure socket layer." It is very important for commercial websites, especially if you are running a business that accepts sensitive information, such as credit card numbers.

If you want to look at it as a system, MySQL server serves two entities: the connection between MySQL server and the MySQL client, and the connection between MySQL server and the web server. See the screen shot below for a visual representation.

Not all web hosts offer SSL connections in phpMyadmin. So if you need to encrypt some of your connections, you need to check with your web hosting company to see if they enable SSL by default when connecting to phpmyadmin.

Some free hosting companies disable this feature, so a free hosting account is more susceptible to an eavesdropping problem.

If you use Putty, you can use it to connect to the remote MySQL server using SSH protocol. A discussion of this topic is beyond the scope of this article, though you can easily download Putty. You can also find some Putty security tutorials if you're interested in pursuing this topic further.

Then, if you accept sensitive data from customers, you can purchase an SSL certificate and install it in your website, so that communication between web forms and the web server is encrypted.



 
 
>>> More MySQL Articles          >>> More By Codex-M
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

MYSQL ARTICLES

- Oracle Unveils MySQL 5.6
- MySQL Vulnerabilities Threaten Databases
- MySQL Cloud Options Expand with Google Cloud...
- MySQL 5.6 Prepped to Handle Demanding Web Use
- ScaleBase Service Virtualizes MySQL Databases
- Oracle Unveils MySQL Conversion Tools
- Akiban Opens Database Software for MySQL Use...
- Oracle Fixes MySQL Bug
- MySQL Databases Vulnerable to Password Hack
- MySQL: Overview of the ALTER TABLE Statement
- MySQL: How to Use the GRANT Statement
- MySQL: Creating, Listing, and Removing Datab...
- MySQL: Create, Show, and Describe Database T...
- MySQL Data and Table Types
- McAfee Releases Audit Plugin for MySQL Users

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: