35.2. Operating System Security


The security of a system is often related to the complexity of its configuration. Consequently, you should minimize the number of tasks the server host performs that do not directly relate to running MySQL. A host that is configured for fewer tasks can be made secure more easily than a host running a complex configuration that supports many services.

It is best if the MySQL server machine is used primarily or exclusively for MySQL, and not for other purposes such as Web hosting or mail processing, or as a machine that hosts login accounts for general-purpose interactive use.

If other users can log in, there is a potential risk that database information that should be kept private to the MySQL installation and its administrative account may be exposed. For example, improper filesystem privileges may expose data files, and users can run the ps command to view information about processes and their execution environment.

When the machine is used only for MySQL, there is no need to have login accounts except the system administrative accounts and any that might be needed for administering MySQL itself (such as the account for the mysql user). Also, the fewer network services that run on the server host, the fewer network ports need to be kept open. Closing ports minimizes the number of avenues of attack to which the host is exposed.

There is also a performance benefit to minimizing the number of non-MySQL services: more of the system's resources can be devoted to MySQL.
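
The three exposures described above (extra login accounts, data files readable through loose filesystem privileges, and unneeded open ports) can be checked with a short script. The shell functions below are an added example, not part of the study guide; the passwd entries, file names, listener lines and the 22/3306 allowlist are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the study guide): audit helpers for a dedicated MySQL host.

# Accounts in a passwd-format file whose shell permits interactive login.
# An empty shell field counts, because login then falls back to /bin/sh.
login_accounts() {
    awk -F: '!/^#/ && NF >= 7 && $7 !~ /\/(nologin|false)$/ { print $1 }' "$1"
}

# Files and directories under a data directory that grant any permission
# (read, write or execute) to "other" users. Symlinks are skipped because
# their own mode bits are not meaningful.
exposed_paths() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# TCP ports from `ss -ltnH`-style lines (local address in column 4) that are
# not in the space-separated allowlist given as the second argument.
unexpected_ports() {
    awk -v allow="$2" 'BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { p = $4; sub(/.*:/, "", p); if (!(p in ok) && !seen[p]++) print p }' "$1" | sort -n
}

# --- Constructed sample data (assumed names and values) ---
demo=$(mktemp -d)
mkdir -p "$demo/data/shop"
: > "$demo/data/shop/orders.MYD"; chmod 660 "$demo/data/shop/orders.MYD"
: > "$demo/data/shop/users.MYD";  chmod 644 "$demo/data/shop/users.MYD"
chmod 750 "$demo/data" "$demo/data/shop"
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/false
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
cat > "$demo/listen" <<'EOF'
LISTEN 0 128 0.0.0.0:22   0.0.0.0:*
LISTEN 0 151 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25   0.0.0.0:*
LISTEN 0 511 [::]:80      [::]:*
EOF

echo "Login-capable accounts:";    login_accounts "$demo/passwd"
echo "Paths open to other users:"; exposed_paths "$demo/data"
echo "Listeners outside allowlist (22 3306):"; unexpected_ports "$demo/listen" "22 3306"
```

On a real host, point the functions at /etc/passwd, the server's data directory, and the saved output of `ss -ltnH`.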



MySQL 5 Certification Study Guide
MySQL 5.0 Certification Study Guide
ISBN: 0672328127
EAN: 2147483647
Year: 2006
Pages: 312
