数据安全之MySQL安全的二十三条军规_MySQL
使用MySQL,安全问题不能不注意。以下是MySQL提示的23个注意事项: _Fu#sJzB
]BMfXcJPG
1.如果客户端和服务器端的连接需要跨越并通过不可信任的网络,那么就需要使用SSH隧道来加密该连接的通信。 %/EU_GcW1
fWDohI>K\!
2.用set password语句来修改用户的密码,三个步骤,先“mysql -u root”登陆数据库系统,然后“mysql> update mysql.user set password=password('newpwd')”,最后执行“flush privileges”就可以了。 !4r'1p
&\cz= y{
3.需要提防的攻击有,防偷听、篡改、回放、拒绝服务等,不涉及可用性和容错方面。对所有的连接、查询、其他操作使用基于ACL即访问控制列表的安全措施来完成。也有一些对SSL连接的支持。 EuFia.'6s
16gVf /QrA
4.除了root用户外的其他任何用户不允许访问mysql主数据库中的user表; d5-_*N~
$jHdT
加密后存放在user表中的加密后的用户密码一旦泄露,其他人可以随意用该用户名/密码相应的数据库; 'f~2zic
V%D[
5.用grant和revoke语句来进行用户访问控制的工作; ,^IE}*/(Y
kaYu-
6.不使用明文密码,而是使用md5()和sha1()等单向的哈系函数来设置密码; zX0 86h_y
r3M;mESJ
7.不选用字典中的字来做密码; Pjkh[W0Ox
z`[[?@
8.采用防火墙来去掉50%的外部危险,让数据库系统躲在防火墙后面工作,或放置在DMZ区域中; A[_Y-^R
(+qj+bRF2[
9.从因特网上用nmap来扫描3306端口,也可用telnet server_host 3306的方法测试,不能允许从非信任网络中访问数据库服务器的3306号TCP端口,因此需要在防火墙或路由器上做设定; Q. "_qk|jv
TLX $?
10.为了防止被恶意传入非法参数,例如where ID=234,别人却输入where ID=234 OR 1=1导致全部显示,所以在web的表单中使用''或""来用字符串,在动态URL中加入%22代表双引号、%23代表井号、%27代表单引号;传递未检查过的值给mysql数据库是非常危险的; ^kNjMI\|k
y
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1664
14
1423
52
1318
25
1269
29
1248
24
MySQL and phpMyAdmin: Core Features and Functions
Apr 22, 2025 am 12:12 AM
MySQL and phpMyAdmin are powerful database management tools. 1) MySQL is used to create databases and tables, and to execute DML and SQL queries. 2) phpMyAdmin provides an intuitive interface for database management, table structure management, data operations and user permission management.
MySQL vs. Other Programming Languages: A Comparison
Apr 19, 2025 am 12:22 AM
Compared with other programming languages, MySQL is mainly used to store and manage data, while other languages such as Python, Java, and C are used for logical processing and application development. MySQL is known for its high performance, scalability and cross-platform support, suitable for data management needs, while other languages have advantages in their respective fields such as data analytics, enterprise applications, and system programming.
Oracle's Role in the Business World
Apr 23, 2025 am 12:01 AM
Oracle is not only a database company, but also a leader in cloud computing and ERP systems. 1. Oracle provides comprehensive solutions from database to cloud services and ERP systems. 2. OracleCloud challenges AWS and Azure, providing IaaS, PaaS and SaaS services. 3. Oracle's ERP systems such as E-BusinessSuite and FusionApplications help enterprises optimize operations.
How often should you regenerate session IDs?
Apr 23, 2025 am 12:03 AM
The session ID should be regenerated regularly at login, before sensitive operations, and every 30 minutes. 1. Regenerate the session ID when logging in to prevent session fixed attacks. 2. Regenerate before sensitive operations to improve safety. 3. Regular regeneration reduces long-term utilization risks, but the user experience needs to be weighed.
Explain the purpose of foreign keys in MySQL.
Apr 25, 2025 am 12:17 AM
In MySQL, the function of foreign keys is to establish the relationship between tables and ensure the consistency and integrity of the data. Foreign keys maintain the effectiveness of data through reference integrity checks and cascading operations. Pay attention to performance optimization and avoid common errors when using them.
Compare and contrast MySQL and MariaDB.
Apr 26, 2025 am 12:08 AM
The main difference between MySQL and MariaDB is performance, functionality and license: 1. MySQL is developed by Oracle, and MariaDB is its fork. 2. MariaDB may perform better in high load environments. 3.MariaDB provides more storage engines and functions. 4.MySQL adopts a dual license, and MariaDB is completely open source. The existing infrastructure, performance requirements, functional requirements and license costs should be taken into account when choosing.
SQL vs. MySQL: Clarifying the Relationship Between the Two
Apr 24, 2025 am 12:02 AM
SQL is a standard language for managing relational databases, while MySQL is a database management system that uses SQL. SQL defines ways to interact with a database, including CRUD operations, while MySQL implements the SQL standard and provides additional features such as stored procedures and triggers.
How to safely store JavaScript objects containing functions and regular expressions to a database and restore?
Apr 19, 2025 pm 11:09 PM
Safely handle functions and regular expressions in JSON In front-end development, JavaScript is often required...
