Home arrow MySQL arrow Page 3 - MySQL Security Tips

Weak MySQL password administration - MySQL

If you are a web developer or administrator, aside from administering your web server, you should also be administering your MySQL database in terms of security. This database is open source and is commonly used with the PHP web server scripting language; tons of useful applications are being developed with this kind of setup. This is good, but it opens up issues, which we'll discuss here along with their solutions.

TABLE OF CONTENTS:
  1. MySQL Security Tips
  2. Open port in your MySQL server
  3. Weak MySQL password administration
  4. Properly assigned privileges
By: Codex-M
Rating: starstarstarstarstar / 5
November 05, 2009

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

Do not ever try to store passwords in plain text. It is highly recommended to encrypt the password when it is stored in a MySQL database. If your database has been compromised, the passwords in plain text can be used to log in to the CMS panel, further compromising your website.

This is why, if you are using WordPress, by default they are stored as MD5, which is a one-way encryption and cannot be reversed. In this method, there is no way for a hacker to reverse engineer a password encrypted using MD5.

It is also extremely important that all users in the database have strong passwords that are stored in encrypted form the MySQL database.

MySQL injection issue

This is so far the biggest MySQL security problem. A lot of websites get compromised because of hackers using SQL injection methods. The root cause is improper validation of user inputs. It is always important to NEVER trust user data coming from forms or URLs.

You can easily prevent MySQL injection. Just follow four simple steps.

First, designing the database in such a way that it will only accept valid data entries for storing. If hackers inject code which fails to validate in the database fields design, it will be rejected and fail to be stored to the database. You can read more about MySQL database design.

Second, make sure you validate form user inputs. If you have strong validation of user inputs, it will be very hard to compromise the forms by entering malicious scripts. You can read more about PHP form validation.

Third, monitor your logs for MySQL injection entries. If you see an IP address engaging in possible MySQL injection, block the IP. That will make it harder for hackers to break into your website.

Fourth, prefer POST over using GET for common form submission. Although this is not a strict requirement, using POST will hide variables from being shown in the URL. GET will expose the variables and other values in the URL, making it very easy for hackers to look for possible exploits.



 
 
>>> More MySQL Articles          >>> More By Codex-M
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

MYSQL ARTICLES

- Oracle Unveils MySQL 5.6
- MySQL Vulnerabilities Threaten Databases
- MySQL Cloud Options Expand with Google Cloud...
- MySQL 5.6 Prepped to Handle Demanding Web Use
- ScaleBase Service Virtualizes MySQL Databases
- Oracle Unveils MySQL Conversion Tools
- Akiban Opens Database Software for MySQL Use...
- Oracle Fixes MySQL Bug
- MySQL Databases Vulnerable to Password Hack
- MySQL: Overview of the ALTER TABLE Statement
- MySQL: How to Use the GRANT Statement
- MySQL: Creating, Listing, and Removing Datab...
- MySQL: Create, Show, and Describe Database T...
- MySQL Data and Table Types
- McAfee Releases Audit Plugin for MySQL Users

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: