Much like my last entry on memcache, I'm not trying to write the ultimate security guide for securing a mysql server... I'm just outlining the kinds of steps you should take to have a level of security on par with the locks on your car... Enough to encourage the average plunderer to move along to another target. Listen Only Where You Want to HearJust like memcache, the default mysql install is listening patiently on all your server's ethernet devices for someone to connect. So, just like memcache, we need to tell mysql to only listen on the ethernet device we care about. For your average single-server web host, you only need to listen to your local host. Find your my.conf file. On servers I manage, this is either at/etc/my.conf
or
/etc/mysql/my.confThis configuration file will contain all kinds of goodies about performance tuning your mysql server, connection details for your mysql client, etc. you want to find the section with the heading [mysqld]and add this line:bind-address = 127.0.0.1If you are in some kind of multi-machine environment, you'll want to set that to whatever your private IP address is - under no circumstances should this be an ip address the general public can reach. Secure Your Root PasswordWhen you first start mysql on a new install, it prints out a message that says something like "Don't forget to set a root password!", and gives you a couple of command-line examples. But guess what? A lot of people never get around to setting these (and I have been as guilty of that as anyone). Read more: CodeSherpas
or
/etc/mysql/my.confThis configuration file will contain all kinds of goodies about performance tuning your mysql server, connection details for your mysql client, etc. you want to find the section with the heading [mysqld]and add this line:bind-address = 127.0.0.1If you are in some kind of multi-machine environment, you'll want to set that to whatever your private IP address is - under no circumstances should this be an ip address the general public can reach. Secure Your Root PasswordWhen you first start mysql on a new install, it prints out a message that says something like "Don't forget to set a root password!", and gives you a couple of command-line examples. But guess what? A lot of people never get around to setting these (and I have been as guilty of that as anyone). Read more: CodeSherpas
Posts
0 comments:
Post a Comment