10.4 Operating System Security
Even the most well thought out and
secure grant tables will do you little good if any random cracker can
get root access to your server. With unlimited access, someone could
simply copy all your data files to another machine running
MySQL.[5]
Doing so would effectively give the cracker an identical copy of your
database. Remember: MyISAM data files are portable
across operating systems and CPU architectures.
Data theft isn't the only threat to guard against. A
creative cracker may decide that it's more fun to
make subtle changes to your data over the course of weeks or even
months. Depending on how long you keep backups around and when the
data corruption is noticed, such an attack could be quite
devastating.
10.4.1 Guidelines
The general guidelines discussed
here aren't a comprehensive guide to system
security. If you are serious about security, and you should
be, we recommend a copy of
O'Reilly's Practical
Unix and Internet Security by Simson Garfinkel, Gene
Spafford, and Alan Schwartz. That said, here are some ideas for
maintaining good security on your database servers:
Don't run MySQL from a privileged account
The root user on Unix and the system (Administrator) user on Windows
possess ultimate control over the system. If a security bug is
discovered in MySQL, and you're running it as a
privileged user, a hacker can gain extensive access to your server.
The installation instructions are quite clear about this, but it
bears repeating. Create a separate account, usually
mysql, for the purpose of running MySQL.
Keep your operating system up to date
All operating system vendors (Microsoft, Sun, RedHat, SUSE, etc.)
provide notifications when a security-related update is available.
Find your vendor's mailing list and subscribe to it.
Pay special attention to the security list for MySQL itself,
obviously, as well as anything that may interact directly with the
database, such as PHP or Perl.
Restrict logins on the database host
Does every developer building a MySQL-based application need an
account on the server? Certainly not; only system and database
administrators need accounts on the machine. All the developers need
to be able to do is issue queries against the database remotely using
TCP/IP.
Have your server audited
Many larger organizations have internal auditors who can assess the
security of a server and make recommendations for improving it. If
you aren't lucky enough to have access to auditors,
you can hire a security consultant to perform the audit.
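The first and third guidelines above (a dedicated, unprivileged account for mysqld; shell logins only for system and database administrators) can both be checked from the command line. The following helpers are an added example, not code from the book: they read text on stdin, so they accept either live output (`ps -eo user,pid,comm`, `cat /etc/passwd`) or a saved snapshot, and the column layouts they assume are those two formats. The sample snapshots embedded here are constructed.

```shell
#!/bin/sh
# Added example (not from the book): audit filters for the "don't run
# MySQL from a privileged account" and "restrict logins" guidelines.
# Assumed input formats: `ps -eo user,pid,comm` and /etc/passwd.

# Print "user pid" for each mysqld process owned by root. Empty output
# means the server runs under a dedicated account, as recommended.
mysqld_as_root() {
    awk '$3 == "mysqld" && $1 == "root" { print $1, $2 }'
}

# Print the accounts whose login shell is interactive: the people who can
# actually log in to the database host. Review this list against "only
# system and database administrators". Shells ending in nologin or false
# are treated as non-interactive.
interactive_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }'
}

# Print the login shell of one account, e.g. the mysql service account,
# which should not be able to log in at all.
account_shell() {
    awk -F: -v u="$1" '$1 == u { print $7 }'
}

# Constructed sample data standing in for real command output.
PS_SNAPSHOT='USER PID COMMAND
root 1 init
root 4242 mysqld
mysql 4243 mysqld
bob 5000 bash'

PASSWD_SNAPSHOT='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/sbin/nologin
alice:x:1000:1000:DBA:/home/alice:/bin/bash
bob:x:1001:1001:Developer:/home/bob:/bin/zsh'

# Run all three checks over the snapshots. Returns 1 if mysqld runs as
# root, 0 otherwise; the account lists are printed for human review.
audit_snapshots() {
    findings=$(printf '%s\n' "$PS_SNAPSHOT" | mysqld_as_root)
    [ -n "$findings" ] && echo "mysqld running as root: $findings"
    echo "accounts able to log in:"
    printf '%s\n' "$PASSWD_SNAPSHOT" | interactive_accounts
    echo "mysql service account shell: $(printf '%s\n' "$PASSWD_SNAPSHOT" | account_shell mysql)"
    [ -z "$findings" ]
}
```

Source the file and run `audit_snapshots` against the sample data, or pipe real `ps -eo user,pid,comm` and `/etc/passwd` output into the individual filters on a live host.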
Backups are important here as well. If your server is broken into,
you'll need to reinstall the operating system from
an untainted source. Once that's done,
you'll be faced with the task of having to restore
all the data. If you have the luxury of time, you might compare the
hacked server to a known good backup in an effort to determine how
the hacker was able to get in. Chapter 9 is
devoted to backup and recovery issues.