Home arrow MySQL arrow Page 4 - MySQL Security Tips

Properly assigned privileges - MySQL

If you are a web developer or administrator, aside from administering your web server, you should also be administering your MySQL database in terms of security. This database is open source and is commonly used with the PHP web server scripting language; tons of useful applications are being developed with this kind of setup. This is good, but it opens up issues, which we'll discuss here along with their solutions.

TABLE OF CONTENTS:
  1. MySQL Security Tips
  2. Open port in your MySQL server
  3. Weak MySQL password administration
  4. Properly assigned privileges
By: Codex-M
Rating: starstarstarstarstar / 5
November 05, 2009

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

When working with a developer or other people who need special access to your web site, do not always give them the root access (full access) for the MySQL server. Instead, you can assign privileges and provide them limited access to prevent possible leaking of accounts which can compromise the system.

For example, a developer's privileges can be limited to inserting tables, editing tables and creating databases. You could withhold the privilege of looking into other sensitive databases in the server.

You can learn more about user privileges.

Restrict access to MySQL database by allowed IP

One effective way to reduce the possibility of compromising your database is to restrict access to it using the IP address. You need to define your IP address and use that to configure MySQL so that, when other IP addresses try to access the database, they will be denied.

You can read more about restricting access by IP address.

Also, if you use a web form to communicate with your web server, below are some tips you can use to restrict access to certain users, based on the specific country. For example, if you have a website that accepts form inputs from people living only in the USA, you can:

  • Grab the IP address of the form user.
  • Analyze the geo location of the IP address. You can use a database shown here.
  • If the IP is not allowed, form inputs will not be allowed to enter the MySQL database.

You can also use a firewall to allow only certain IP address to pass through to the MySQL server. In this way, access is controlled and security will be improved.



 
 
>>> More MySQL Articles          >>> More By Codex-M
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

MYSQL ARTICLES

- Oracle Unveils MySQL 5.6
- MySQL Vulnerabilities Threaten Databases
- MySQL Cloud Options Expand with Google Cloud...
- MySQL 5.6 Prepped to Handle Demanding Web Use
- ScaleBase Service Virtualizes MySQL Databases
- Oracle Unveils MySQL Conversion Tools
- Akiban Opens Database Software for MySQL Use...
- Oracle Fixes MySQL Bug
- MySQL Databases Vulnerable to Password Hack
- MySQL: Overview of the ALTER TABLE Statement
- MySQL: How to Use the GRANT Statement
- MySQL: Creating, Listing, and Removing Datab...
- MySQL: Create, Show, and Describe Database T...
- MySQL Data and Table Types
- McAfee Releases Audit Plugin for MySQL Users

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: