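Secure Installation of a MySQL Database
Any Internet application with more than trivial functionality, whether a website, an online store, a WeChat official account, or a mobile app, depends on a database. Site content, user login information, and even administrator login information are all stored in the database, so its importance goes without saying. As the world's most popular open-source database, MySQL has a huge user base, and many small and medium-sized applications in China use it as well. MySQL is very easy to install and use, but that convenience also makes it easy for site developers and webmasters to overlook the security risks that come with it.
In fact, after a normal MySQL installation, the following problems may still be present:
- No password was set for the root account during installation, or the password that was set is too simple.
- The root account is allowed to log in remotely instead of only from the local machine that hosts the database server.
- Accounts that allow anonymous login to the database exist.
- A test database named "test" exists, and by default it is accessible to anonymous users.
Linux servers
If your site runs on a Linux server, then after installing MySQL you can run the small program shown below, which helps you improve the security of the database through the following steps:
- You can set or reset the password of the root account.
- You can remove the rules that allow the root account to access the database remotely.
- You can remove the anonymous user accounts.
- You can remove the test database "test".
The log below, from an actual run of this secure-installation program, is provided for reference: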
Example: localhost:# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] n
... skipping.
By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB installation should now be secure.
Thanks for using MariaDB!
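Windows servers
If your site runs on a Windows server, work through the security risks listed above and resolve them one by one. After completing all the changes, remember to run the command "FLUSH PRIVILEGES;" so that the modifications take effect in MySQL immediately.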
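The four risks listed above, written out as SQL that can be run by hand in the mysql client on a Windows server. This is an added example, not part of the original article and not the code of mysql_secure_installation itself. It assumes MySQL 5.7.8 or later; the password and the Host values in the DROP USER statements are placeholders.

```sql
-- Added example. Assumes MySQL 5.7.8 or later, run from the mysql client
-- while logged in as an administrative account.

-- 1. Audit: anonymous accounts, root reachable from other hosts, and
--    accounts with no stored credential. Accounts using a socket-based
--    plugin such as auth_socket also show an empty authentication_string,
--    so check the plugin column before treating a row as passwordless.
SELECT User, Host, plugin,
       (authentication_string IS NULL OR authentication_string = '') AS empty_auth
FROM mysql.user
WHERE User = ''
   OR (User = 'root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'))
   OR authentication_string IS NULL
   OR authentication_string = '';

-- 2. Audit: leftover test database and the grant rows attached to it.
SHOW DATABASES LIKE 'test';
SELECT User, Host, Db FROM mysql.db WHERE Db = 'test' OR Db = 'test\\_%';

-- 3. Set a root password (placeholder value, replace before running).
ALTER USER 'root'@'localhost' IDENTIFIED BY '<REPLACE_WITH_STRONG_PASSWORD>';

-- 4. Drop each account flagged in step 1. The two Host values below are
--    constructed samples; use the User/Host pairs your own audit returned.
DROP USER IF EXISTS ''@'localhost';
DROP USER IF EXISTS 'root'@'%';

-- 5. Remove the test database and the grant rows that refer to it.
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db = 'test' OR Db = 'test\\_%';

-- 6. The DELETE in step 5 edited a grant table directly, so reload the
--    privilege tables for that change to take effect.
FLUSH PRIVILEGES;

-- 7. Verify: both audits should now return no rows for the flagged items.
SELECT User, Host FROM mysql.user
WHERE User = ''
   OR (User = 'root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'));
SELECT User, Host, Db FROM mysql.db WHERE Db = 'test' OR Db = 'test\\_%';
```

Run the audit queries first and review their output before executing steps 3 to 6, since the accounts present differ between installations.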