Tips to Improve MySQL and MariaDB Security
MySQL brands itself as the world's most popular open source database. As popular as MySQL is among developers and SQL enthusiasts, it is equally popular among hackers. In today's article, you'll learn some tips and tricks for securing your MySQL or MariaDB databases.
1. Remove Users Without Password
Some installations come with users already created, some of which can connect to the database without a password, or, even worse, with anonymous users. This has changed in MySQL 5.7 which, by default, comes only with a root account that uses the password you choose at installation time. Still, there are MySQL installations which were upgraded from previous versions, and these installations keep the legacy users. Also, MariaDB 10.2 on CentOS 7 comes with anonymous users.
Please note that users with very simple passwords are almost as insecure as users without any password. Passwords like "password" or "qwerty" are not really helpful.
2. Change default port mappings
MySQL runs on port 3306 by default. This should be changed after installation to obfuscate what critical services are running on which ports, as attackers will initially attempt to exploit default values.
3. Do not run MySQL with root level privileges
MySQL should be run under a specific, newly-created user account with the necessary permissions to run the service, as opposed to directly as the root user. This adds some auditing and logging benefits while preventing attackers from gaining access by hijacking the root user account.
4. Limit or disable SHOW DATABASES
Again, stripping remote attackers of their information gathering capabilities is critical to a strong security posture. For this reason, the SHOW DATABASES command should be limited or removed entirely by adding skip-show-database to the [mysqld] section of the MySQL configuration file at /etc/my.cnf.
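As an added example (not part of the original article), the following Python script audits the [mysqld] section of an option file against tips 2, 3 and 4. The two sample files, the function names and the port 13306 are constructed for illustration; the script reads a single file and does not follow !include directives.

```python
import re

# Constructed option files for illustration; not taken from a real host.
WEAK_MY_CNF = """\
[client]
port = 3306

[mysqld]
user = root              # tip 3: server runs as root
bind-address = 0.0.0.0
"""

HARDENED_MY_CNF = """\
[mysqld]
user = mysql
port = 13306             # constructed non-default port
skip_show_database       # underscore spelling is equivalent
"""

OFF_VALUES = {"0", "off", "false"}

def parse_mysqld(text):
    """Return the [mysqld] options as a dict keyed by dash-normalised name."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment anywhere
        if not line or line[0] in ";!":        # ';' comment, '!include' directive
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "mysqld":
            key, _, value = line.partition("=")
            opts[key.strip().lower().replace("_", "-")] = value.strip()
    return opts

def audit(text):
    """Check one option file against tips 2, 3 and 4; return the findings."""
    opts = parse_mysqld(text)
    findings = []
    if opts.get("port", "3306") == "3306":
        findings.append("port: default 3306 in use")
    if opts.get("user") == "root":
        findings.append("user: mysqld is configured to run as root")
    if opts.get("skip-show-database", "off").lower() in OFF_VALUES:
        findings.append("skip-show-database: not enabled")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_MY_CNF), ("hardened", HARDENED_MY_CNF)):
        print(name, audit(text) or "no findings")
```

A file with no user line produces no finding for tip 3, so the account the service manager starts mysqld under still has to be checked separately.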