[nycphp-talk] MySQL security

Analysis & Solutions danielc at analysisandsolutions.com
Mon May 19 01:04:44 EDT 2003


Hi John:

On Sun, May 18, 2003 at 12:20:18AM -0400, John Adair wrote:
> I can't seem to find my my.cnf file.

One isn't installed by default, necessarily.  What does come with the
distribution, at least on Windows, is a set of sample files.  They're in
the root of your MySQL directory, with names like "my-small.cnf" and
"my-huge.cnf."  Copy an appropriate one to the appropriate location: /etc
or c:\.  It's also a good idea to put a blank one in your mysql/data
directory, just to make sure a malicious one doesn't get put there.  Now,
MAKE SURE the file permissions on these files don't allow anyone but the
system administrator to change their contents.


> phpmyadmin can access it and all.

I stay away from third party convenience tools like that.  phpmyadmin has 
had some very basic vulnerabilities.  Plus, I imagine one can store 
passwords in a file


> Do you have any other security advice?

Put your database username/password in one separate file which you then
include from the rest of your scripts.  Then, place that file in a secure
location, preferably not in the document root of the web server.  Then
make sure permissions on that file only allow authorized persons to view,
let alone, heaven forbid, edit it.

Finally, the default MySQL distribution has several security openings.  Do 
the following queries to close them.

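   use mysql;  -- the grant tables live in the mysql database
   -- remove accounts that may connect from any host
   delete from user where Host='%';
   -- remove anonymous accounts
   delete from user where User='';
   -- remove database-level grants that match any host
   delete from db where Host='%';
   -- rename the root account and give it a password
   update user set User='NewRootName',
      Password=password('NewPassword') where User='root';
   flush privileges;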

I've got an excellent tutorial regarding MySQL installation.  While it 
focuses on Windows machines, there are lots of general tips in there too.  
It's on line at http://www.analysisandsolutions.com/code/mybasic.htm

Enjoy,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409
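
The file placement and permission advice in the message above can be checked mechanically. The following is an added example, not part of the original post: the function name `audit`, the file name `db.inc` and the directory layout are assumptions, and the sample files are constructed in a temporary directory.

```python
import os
import stat
import tempfile


def audit(path, docroot, secret=False):
    """Return findings for a config file; `secret` marks files holding passwords."""
    findings = []
    real = os.path.realpath(path)
    root = os.path.realpath(docroot)
    # A credentials file under the document root can be fetched over HTTP
    # if the web server ever serves it as plain text.
    if secret and os.path.commonpath([real, root]) == root:
        findings.append("inside document root")
    mode = stat.S_IMODE(os.stat(real).st_mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    if secret and mode & stat.S_IROTH:
        findings.append("readable by everyone")
    # Write access to the directory lets someone replace the file outright.
    dmode = stat.S_IMODE(os.stat(os.path.dirname(real)).st_mode)
    if dmode & stat.S_IWOTH and not dmode & stat.S_ISVTX:
        findings.append("directory is world-writable")
    return findings


def demo():
    """Audit a constructed layout: htdocs/ is the hypothetical document root."""
    base = tempfile.mkdtemp()
    docroot = os.path.join(base, "htdocs")
    private = os.path.join(base, "private")
    os.mkdir(docroot, 0o755)
    os.mkdir(private, 0o755)
    cases = {
        "bad_creds": (os.path.join(docroot, "db.inc"), 0o644, True),
        "good_creds": (os.path.join(private, "db.inc"), 0o640, True),
        "bad_mycnf": (os.path.join(base, "my.cnf"), 0o666, False),
    }
    results = {}
    for name, (path, mode, secret) in cases.items():
        with open(path, "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(path, mode)
        results[name] = audit(path, docroot, secret)
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```

The check uses POSIX permission bits, so it applies to the /etc case rather than to Windows ACLs.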


