[nycphp-talk] MySQL security
Hans Zaunere
zaunere at yahoo.com
Sun May 18 13:20:52 EDT 2003
--- John Adair <jadair at adairservices.net> wrote:
> I can't seem to find my my.cnf file. I know mysql is up and running.
> phpmyadmin can access it and all. How do I figure out where the my.cnf
> file (if by another name) is the actual configuration file in use.
It can be a bit tricky, and really depends on your OS and how MySQL was
setup. If you used a RedHat RPM, for instance, then my.cnf should be in
/etc. If not, you just need to create one there. If you've compiled from
source or installed the binary package mysql.com then my.cnf isn't created by
default so you can just create it in either /etc/ or in your data directory.
If this is Windows, sorry, I have no idea :) (but typically, you can create
the my.cnf in your data directory and it'll get picked up).
> Do you have any other security advice?
Well, for instance, if you're setting up a shared server, where multiple
people will have DBs, some of the privacy/etc settings are nice
(http://www.mysql.com/doc/en/Privileges_options.html). And, in general, just
be diligent with giving permissions, trying to the most restrictive and
becoming more lenient from there.
H
>
> -----Original Message-----
> From: Hans Zaunere [mailto:zaunere at yahoo.com]
> Sent: Saturday, May 17, 2003 9:38 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] MySQL security
>
>
>
> --- Susan Shemin <shemin.sr at verizon.net> wrote:
> > How secure is a MySQL database?
>
> Very.
>
> > I'm putting together a new site (with
> > individual logins), and I want to market the site on the basis that their
> > data will be secure, and no one can hack into it. Can I say this with
> > using MySQL?
>
> Certainly.
>
> That said, MySQL's security depends on proper setup and use of it's
> permissions system, as is the case with any other database. And, if you
> will
> only be accessing the DB from the local system, set MySQL not to listen on
> a
> public socket with the disable-tcp configuration option in my.cnf.
>
> An advantage that MySQL has is it's Open Source development model. While I
> realize that some would suggest Open Source is a security weakness,
> especially in MySQL's I don't think this is so. There are thousands of
> eyes
> on the MySQL codebase, constantly auditing it and trying to weed out any
> issues.
>
> H
>
>
> >
> > Susan
> >
> >
> >
> >
> >
> >
>
>
>
>
>
>
>
>
>
> --- Unsubscribe at http://nyphp.org/list/ ---
>
>
More information about the talk
mailing list