Other Tips


We have covered the privilege system, looked at user accounts, considered the underlying filesystem files, and briefly mentioned filtering data. If you are concerned about the security of your network connection (which you probably should be with any external connection), MySQL allows you to encrypt transmissions with SSL. You should also give some consideration to physical security.

Using SSL Connections

If you want to prevent crackers from sniffing packets traveling between the MySQL server and clients, you can configure MySQL for secure connections. This means that all the data sent between the client and the server is encrypted using SSL (Secure Sockets Layer).

Setting up SSL requires that you install the OpenSSL library (available from www.openssl.org), start the server with the --with-vio and --with-ssl options, and do some setup at the command line. A good sample script of the work you need to do can be found in the MySQL manual; we have not reproduced it here.

After this is set up, you can restrict GRANT statements by requiring users to connect using SSL or to have an appropriate certificate. As a simple example, you can use the following GRANT statement:

 
 grant all on employee.* to testuser identified by 'password' require ssl; 

This creates (or modifies) an account for testuser, giving the user the password password. This user will be able to connect only via SSL. You can demand that all your users connect this way or perhaps all users logging in from anywhere other than localhost.
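The following is an added example, not taken from the book: it extends the GRANT above to the certificate-based options and adds a query that lists accounts reachable from hosts other than localhost with no SSL requirement. The accounts reporter and auditor, the host patterns, and the certificate subject and issuer strings are constructed; the syntax is the GRANT ... REQUIRE form used in the text.

```sql
-- Added example; reporter, auditor and the certificate fields are constructed values.

-- 1. Confirm the server was built with SSL support (the value should be YES).
SHOW VARIABLES LIKE 'have_openssl';

-- 2. Account that may connect from any host, but only over SSL (same form as the text).
GRANT ALL ON employee.* TO 'testuser'@'%' IDENTIFIED BY 'password' REQUIRE SSL;

-- 3. Stricter: the client must also present a valid X.509 certificate...
GRANT SELECT ON employee.* TO 'reporter'@'%' IDENTIFIED BY 'password' REQUIRE X509;

-- ...or a certificate with a specific subject and issuer.
GRANT SELECT ON employee.* TO 'auditor'@'%' IDENTIFIED BY 'password'
  REQUIRE SUBJECT '/C=US/O=Example Corp/CN=auditor'
      AND ISSUER  '/C=US/O=Example Corp/CN=Example CA';

-- 4. Audit: accounts that can log in from other hosts with no SSL requirement.
--    ssl_type is '' (none), 'ANY' (REQUIRE SSL), 'X509' or 'SPECIFIED'.
SELECT user, host, ssl_type
FROM mysql.user
WHERE ssl_type = ''
  AND host NOT IN ('localhost', '127.0.0.1', '::1')
ORDER BY user, host;

-- 5. Run from a client session: a non-empty value means this connection is encrypted.
SHOW STATUS LIKE 'Ssl_cipher';
```

Rows returned by the audit query in step 4 are the accounts whose traffic, including the password exchange, can still cross the network unencrypted.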

Securing Your Installation Physically

As a general guideline, if you are going to go to the trouble of carefully setting up user accounts in MySQL and the operating system and perhaps even requiring users to connect via SSL, then it is in your best interest to also secure your installation physically. If someone can take your server down by tripping over the power cable or steal your data by picking up the server and walking away with it, you have an obvious problem. Physical security is frequently forgotten, especially in small to medium-sized companies.

It may be less surprising for Windows, but even otherwise secure Unix/Linux systems are vulnerable when physical security is neglected. For example, with Linux it is trivial to alter a machine's root password when the user has physical access to the machine. Of course, with root access, all the data in your MySQL databases can be compromised.



MySQL Tutorial
ISBN: 0672325845
EAN: 2147483647
Year: 2003
Pages: 261
