Thursday, April 29, 2010

Secure / harden your MySQL Server...

Some of you might run your own MySQL server or be in charge of managing some.
This tutorial helped me a lot in keeping them clean and a little bit more secure ;)
But always keep in mind that there are attack vectors other than "just" SQLi and the MySQLd.

Disable or restrict remote access
Disable the use of LOCAL INFILE
Change root username and password
Remove the "test" database
Remove Anonymous and obsolete accounts
Lower system privileges
Lower database privileges
Enable Logging
Remove History
Patch your systems
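
As an added example (not code from the original post or the linked tutorial), the following Python sketch checks a my.cnf for the checklist items that live in the server configuration: remote access, LOCAL INFILE, the system user and logging. The sample configs are constructed, and the function name and finding texts are assumptions made for illustration.

```python
import configparser

# Constructed sample my.cnf contents (illustrative, not from the original post).
SAMPLE_WEAK = """
[mysqld]
user = root
bind-address = 0.0.0.0
local-infile = 1
"""
SAMPLE_HARDENED = """
[mysqld]
user = mysql
skip-networking
local_infile = 0
log-error = /var/log/mysql/error.log
"""

OFF = {"0", "off", "false"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_mysqld(cnf_text):
    """Return (checklist item, finding) pairs for the [mysqld] section."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None)
    cp.read_string(cnf_text)
    raw = dict(cp["mysqld"]) if cp.has_section("mysqld") else {}
    # MySQL accepts '-' and '_' interchangeably in option names.
    opts = {k.replace("-", "_"): (v or "").strip().lower() for k, v in raw.items()}
    findings = []

    # A bare "skip-networking" line has no value and counts as enabled.
    no_net = "skip_networking" in opts and opts["skip_networking"] not in OFF
    if not no_net and opts.get("bind_address") not in LOOPBACK:
        findings.append(("Disable or restrict remote access",
                         "no skip-networking and bind-address is not loopback"))
    if opts.get("local_infile") not in OFF:
        findings.append(("Disable the use of LOCAL INFILE",
                         "local-infile is not explicitly set to 0"))
    if opts.get("user") == "root":
        findings.append(("Lower system privileges", "mysqld runs as root"))
    if not any(opts.get(k, "0") not in OFF for k in ("log_error", "general_log", "log")):
        findings.append(("Enable Logging", "no log option is configured"))
    return findings

if __name__ == "__main__":
    for item, msg in audit_mysqld(SAMPLE_WEAK):
        print(f"[!] {item}: {msg}")
```

The account and database items on the list (root rename, "test" database, anonymous accounts, privileges) are stored in the server's grant tables, not in my.cnf, so this check does not cover them.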

With another 'paper', regarding industry-style solutions (esp. credit card, bank details storage)

