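Detailed Guide to MySQL Security Configuration

Contents
1. Preface
2. MySQL account privilege security
3. Network security configuration for MySQL data
4. Password policy security
5. MySQL logs
6. Security configuration of the host running the MySQL database service
7. Deploying SQL injection detection and defense modules
8. Security-related mysqld startup options
9. MySQL backup strategy

1. Preface

MySQL security configuration, also called hardening, is one part of the risk model. It requires security staff to keep discovering new problems through theoretical study and practice, and to strengthen the configuration of every aspect of the data in response to those problems. This article focuses on database risk identification and database security hardening, and discusses the measures that can be taken to keep our database security controls at a good level as far as possible.

2. MySQL account privilege security

MySQL has 4 tables that control privileges:

1. The mysql.USER table
2. The mysql.DB table
3. The mysql.TABLES_PRIV table
4. The mysql.COLUMNS_PRIV table

Note that MySQL also has a database named information_schema, which appears to hold privilege information as well. However, information_schema is a convenient way of providing metadata to system administrators. It is actually a view, and can be understood as a wrapper around information held in MySQL. For the MySQL server itself, there is only one source of authentication and authorization information: the mysql database.

01. The mysql.user table

select * from user;
desc USER;

mysql> desc USER;
+------------------------+-----------------------------------+------+-----+---------+-------+
| Field                  | Type                              | Null | Key | Default | Extra |
+------------------------+-----------------------------------+------+-----+---------+-------+
| Host                   | char(60)                          | NO   | PRI |         |       |
| User                   | char(16)                          | NO   | PRI |         |       |
| Password               | char(41)                          | NO   |     |         |       |
| Select_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Insert_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Update_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Delete_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Create_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Drop_priv              | enum('N','Y')                     | NO   |     | N       |       |
| Reload_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Shutdown_priv          | enum('N','Y')                     | NO   |     | N       |       |
| Process_priv           | enum('N','Y')                     | NO   |     | N       |       |
| File_priv              | enum('N','Y')                     | NO   |     | N       |       |
| Grant_priv             | enum('N','Y')                     | NO   |     | N       |       |
| References_priv        | enum('N','Y')                     | NO   |     | N       |       |
| Index_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Alter_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Show_db_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Super_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Create_tmp_table_priv  | enum('N','Y')                     | NO   |     | N       |       |
| Lock_tables_priv       | enum('N','Y')                     | NO   |     | N       |       |
| Execute_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Repl_slave_priv        | enum('N','Y')                     | NO   |     | N       |       |
| Repl_client_priv       | enum('N','Y')                     | NO   |     | N       |       |
| Create_view_priv       | enum('N','Y')                     | NO   |     | N       |       |
| Show_view_priv         | enum('N','Y')                     | NO   |     | N       |       |
| Create_routine_priv    | enum('N','Y')                     | NO   |     | N       |       |
| Alter_routine_priv     | enum('N','Y')                     | NO   |     | N       |       |
| Create_user_priv       | enum('N','Y')                     | NO   |     | N       |       |
| Event_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Trigger_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Create_tablespace_priv | enum('N','Y')                     | NO   |     | N       |       |
| ssl_type               | enum('','ANY','X509','SPECIFIED') | NO   |     |         |       |
| ssl_cipher             | blob                              | NO   |     | NULL    |       |
| x509_issuer            | blob                              | NO   |     | NULL    |       |
| x509_subject           | blob                              | NO   |     | NULL    |       |
| max_questions          | int(11) unsigned                  | NO   |     | 0       |       |
| max_updates            | int(11) unsigned                  | NO   |     | 0       |       |
| max_connections        | int(11) unsigned                  | NO   |     | 0       |       |
| max_user_connections   | int(11) unsigned                  | NO   |     | 0       |       |
| plugin                 | char(64)                          | YES  |     |         |       |
| authentication_string  | text                              | YES  |     | NULL    |       |
| password_expired       | enum('N','Y')                     | NO   |     | N       |       |
+------------------------+-----------------------------------+------+-----+---------+-------+

02. The mysql.db table

select * from db;
desc DB;

mysql> desc DB;
+-----------------------+---------------+------+-----+---------+-------+
| Field                 | Type          | Null | Key | Default | Extra |
+-----------------------+---------------+------+-----+---------+-------+
| Host                  | char(60)      | NO   | PRI |         |       |
| Db                    | char(64)      | NO   | PRI |         |       |
| User                  | char(16)      | NO   | PRI |         |       |
| Select_priv           | enum('N','Y') | NO   |     | N       |       |
| Insert_priv           | enum('N','Y') | NO   |     | N       |       |
| Update_priv           | enum('N','Y') | NO   |     | N       |       |
| Delete_priv           | enum('N','Y') | NO   |     | N       |       |
| Create_priv           | enum('N','Y') | NO   |     | N       |       |
| Drop_priv             | enum('N','Y') | NO   |     | N       |       |
| Grant_priv            | enum('N','Y') | NO   |     | N       |       |
| References_priv       | enum('N','Y') | NO   |     | N       |       |
| Index_priv            | enum('N','Y') | NO   |     | N       |       |
| Alter_priv            | enum('N','Y') | NO   |     | N       |       |
| Create_tmp_table_priv | enum('N','Y') | NO   |     | N       |       |
| Lock_tables_priv      | enum('N','Y') | NO   |     | N       |       |
| Create_view_priv      | enum('N','Y') | NO   |     | N       |       |
| Show_view_priv        | enum('N','Y') | NO   |     | N       |       |
| Create_routine_priv   | enum('N','Y') | NO   |     | N       |       |
| Alter_routine_priv    | enum('N','Y') | NO   |     | N       |       |
| Execute_priv          | enum('N','Y') | NO   |     | N       |       |
| Event_priv            | enum('N','Y') | NO   |     | N       |       |
| Trigger_priv          | enum('N','Y') | NO   |     | N       |       |
+-----------------------+---------------+------+-----+---------+-------+

03. The mysql.tables_priv table

select * from TABLES_PRIV;
desc TABLES_PRIV;

mysql> desc TABLES_PRIV;
+-------------+-----------------------------------------------------------------------------------------------------------------------------------+------+-----+-------------------+-----------------------------+
| Field       | Type                                                                                                                              | Null | Key | Default           | Extra                       |
+-------------+-----------------------------------------------------------------------------------------------------------------------------------+------+-----+-------------------+-----------------------------+
| Host        | char(60)                                                                                                                          | NO   | PRI |                   |                             |
| Db          | char(64)                                                                                                                          | NO   | PRI |                   |                             |
| User        | char(16)                                                                                                                          | NO   | PRI |                   |                             |
| Table_name  | char(64)                                                                                                                          | NO   | PRI |                   |                             |
| Grantor     | char(77)                                                                                                                          | NO   | MUL |                   |                             |
| Timestamp   | timestamp                                                                                                                         | NO   |     | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP |
| Table_priv  | set('Select','Insert','Update','Delete','Create','Drop','Grant','References','Index','Alter','Create View','Show view','Trigger') | NO   |     |                   |                             |
| Column_priv | set('Select','Insert','Update','References')                                                                                      | NO   |     |                   |                             |
+-------------+-----------------------------------------------------------------------------------------------------------------------------------+------+-----+-------------------+-----------------------------+

04. The mysql.columns_priv table

select * from columns_priv;
desc columns_priv;

mysql> desc columns_priv;
+-+-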