| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
| <HTML |
| ><HEAD |
| ><TITLE |
| >MySQL</TITLE |
| ><META |
| NAME="GENERATOR" |
| CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK |
| REL="HOME" |
| TITLE="The Bugzilla Guide - 2.20.1 |
| Release" |
| HREF="index.html"><LINK |
| REL="UP" |
| TITLE="Bugzilla Security" |
| HREF="security.html"><LINK |
| REL="PREVIOUS" |
| TITLE="Operating System" |
| HREF="security-os.html"><LINK |
| REL="NEXT" |
| TITLE="Webserver" |
| HREF="security-webserver.html"></HEAD |
| ><BODY |
| CLASS="section" |
| BGCOLOR="#FFFFFF" |
| TEXT="#000000" |
| LINK="#0000FF" |
| VLINK="#840084" |
| ALINK="#0000FF" |
| ><DIV |
| CLASS="NAVHEADER" |
| ><TABLE |
| SUMMARY="Header navigation table" |
| WIDTH="100%" |
| BORDER="0" |
| CELLPADDING="0" |
| CELLSPACING="0" |
| ><TR |
| ><TH |
| COLSPAN="3" |
| ALIGN="center" |
| >The Bugzilla Guide - 2.20.1 |
| Release</TH |
| ></TR |
| ><TR |
| ><TD |
| WIDTH="10%" |
| ALIGN="left" |
| VALIGN="bottom" |
| ><A |
| HREF="security-os.html" |
| ACCESSKEY="P" |
| >Prev</A |
| ></TD |
| ><TD |
| WIDTH="80%" |
| ALIGN="center" |
| VALIGN="bottom" |
| >Chapter 4. Bugzilla Security</TD |
| ><TD |
| WIDTH="10%" |
| ALIGN="right" |
| VALIGN="bottom" |
| ><A |
| HREF="security-webserver.html" |
| ACCESSKEY="N" |
| >Next</A |
| ></TD |
| ></TR |
| ></TABLE |
| ><HR |
| ALIGN="LEFT" |
| WIDTH="100%"></DIV |
| ><DIV |
| CLASS="section" |
| ><H1 |
| CLASS="section" |
| ><A |
| NAME="security-mysql" |
| >4.2. MySQL</A |
| ></H1 |
| ><DIV |
| CLASS="section" |
| ><H2 |
| CLASS="section" |
| ><A |
| NAME="security-mysql-account" |
| >4.2.1. The MySQL System Account</A |
| ></H2 |
| ><P |
| >As mentioned in <A |
| HREF="security-os.html#security-os-accounts" |
| >Section 4.1.2</A |
| >, the MySQL |
| daemon should run as a non-privileged, unique user. Be sure to consult |
| the MySQL documentation or the documentation that came with your system |
| for instructions. |
| </P |
| ></DIV |
| ><DIV |
| CLASS="section" |
| ><H2 |
| CLASS="section" |
| ><A |
| NAME="security-mysql-root" |
| >4.2.2. The MySQL <SPAN |
| CLASS="QUOTE" |
| >"root"</SPAN |
| > and <SPAN |
| CLASS="QUOTE" |
| >"anonymous"</SPAN |
| > Users</A |
| ></H2 |
| ><P |
| >By default, MySQL comes with a <SPAN |
| CLASS="QUOTE" |
| >"root"</SPAN |
| > user with a |
| blank password and an <SPAN |
| CLASS="QUOTE" |
| >"anonymous"</SPAN |
| > user, also with a blank |
| password. In order to protect your data, the <SPAN |
| CLASS="QUOTE" |
| >"root"</SPAN |
| > user |
| should be given a password and the anonymous user should be disabled. |
| </P |
| ><DIV |
| CLASS="example" |
| ><A |
| NAME="security-mysql-account-root" |
| ></A |
| ><P |
| ><B |
| >Example 4-1. Assigning the MySQL <SPAN |
| CLASS="QUOTE" |
| >"root"</SPAN |
| > User a Password</B |
| ></P |
| ><TABLE |
| BORDER="0" |
| BGCOLOR="#E0E0E0" |
| WIDTH="100%" |
| ><TR |
| ><TD |
| ><FONT |
| COLOR="#000000" |
| ><PRE |
| CLASS="screen" |
| > <SAMP |
| CLASS="prompt" |
| >bash$</SAMP |
| > mysql mysql |
| <SAMP |
| CLASS="prompt" |
| >mysql></SAMP |
| > UPDATE user SET password = password('<VAR |
| CLASS="replaceable" |
| >new_password</VAR |
| >') WHERE user = 'root'; |
| <SAMP |
| CLASS="prompt" |
| >mysql></SAMP |
| > FLUSH PRIVILEGES; |
| </PRE |
| ></FONT |
| ></TD |
| ></TR |
| ></TABLE |
| ></DIV |
| ><DIV |
| CLASS="example" |
| ><A |
| NAME="security-mysql-account-anonymous" |
| ></A |
| ><P |
| ><B |
| >Example 4-2. Disabling the MySQL <SPAN |
| CLASS="QUOTE" |
| >"anonymous"</SPAN |
| > User</B |
| ></P |
| ><TABLE |
| BORDER="0" |
| BGCOLOR="#E0E0E0" |
| WIDTH="100%" |
| ><TR |
| ><TD |
| ><FONT |
| COLOR="#000000" |
| ><PRE |
| CLASS="screen" |
| > <SAMP |
| CLASS="prompt" |
| >bash$</SAMP |
| > mysql -u root -p mysql <A |
| NAME="security-mysql-account-anonymous-mysql" |
| ><IMG |
| SRC="../images/callouts/1.gif" |
| HSPACE="0" |
| VSPACE="0" |
| BORDER="0" |
| ALT="(1)"></A |
| > |
| <SAMP |
| CLASS="prompt" |
| >Enter Password:</SAMP |
| > <VAR |
| CLASS="replaceable" |
| >new_password</VAR |
| > |
| <SAMP |
| CLASS="prompt" |
| >mysql></SAMP |
| > DELETE FROM user WHERE user = ''; |
| <SAMP |
| CLASS="prompt" |
| >mysql></SAMP |
| > FLUSH PRIVILEGES; |
| </PRE |
| ></FONT |
| ></TD |
| ></TR |
| ></TABLE |
| ><DIV |
| CLASS="calloutlist" |
| ><DL |
| COMPACT="COMPACT" |
| ><DT |
| ><A |
| HREF="security-mysql.html#security-mysql-account-anonymous-mysql" |
| ><IMG |
| SRC="../images/callouts/1.gif" |
| HSPACE="0" |
| VSPACE="0" |
| BORDER="0" |
| ALT="(1)"></A |
| ></DT |
| ><DD |
| >This command assumes that you have already completed |
| <A |
| HREF="security-mysql.html#security-mysql-account-root" |
| >Example 4-1</A |
| >. |
| </DD |
| ></DL |
| ></DIV |
| ></DIV |
| ></DIV |
| ><DIV |
| CLASS="section" |
| ><H2 |
| CLASS="section" |
| ><A |
| NAME="security-mysql-network" |
| >4.2.3. Network Access</A |
| ></H2 |
| ><P |
| >If MySQL and your webserver both run on the same machine and you |
| have no other reason to access MySQL remotely, then you should disable |
| network access. This, along with the suggestion in |
| <A |
| HREF="security-os.html#security-os-ports" |
| >Section 4.1.1</A |
| >, will help protect your system from |
| any remote vulnerabilities in MySQL. |
| </P |
| ><DIV |
| CLASS="example" |
| ><A |
| NAME="security-mysql-network-ex" |
| ></A |
| ><P |
| ><B |
| >Example 4-3. Disabling Networking in MySQL</B |
| ></P |
| ><P |
| >Simply enter the following in <TT |
| CLASS="filename" |
| >/etc/my.cnf</TT |
| >: |
| <TABLE |
| BORDER="0" |
| BGCOLOR="#E0E0E0" |
| WIDTH="100%" |
| ><TR |
| ><TD |
| ><FONT |
| COLOR="#000000" |
| ><PRE |
| CLASS="screen" |
| > [mysqld] |
| # Prevent network access to MySQL. |
| skip-networking |
| </PRE |
| ></FONT |
| ></TD |
| ></TR |
| ></TABLE |
| > |
| </P |
| ></DIV |
| ></DIV |
| ></DIV |
| ></BODY |
| ></HTML |
| > |
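<P>Added example, not part of the Bugzilla Guide: a shell check for the hardening steps in sections 4.2.2 and 4.2.3. <TT>has_skip_networking</TT> confirms that <TT>skip-networking</TT> sits in the <TT>[mysqld]</TT> group of an option file, and <TT>audit_accounts</TT> flags anonymous or blank-password rows in tab-separated user, host, password output. Both function names and the sample data are constructed for illustration.</P>

```shell
#!/bin/sh
# Added example, not from the Bugzilla Guide. Function names are hypothetical.

# Succeed only if skip-networking is set inside the [mysqld] group of an
# option file. Options under a misspelled group name are not read by the server.
has_skip_networking() {
    awk '
        /^[ \t]*[#;]/ { next }                 # whole-line comments
        /^[ \t]*\[/   { sect = $0; gsub(/[ \t]/, "", sect); next }
        sect == "[mysqld]" {
            line = $0
            sub(/#.*/, "", line)               # trailing comment
            gsub(/[ \t]/, "", line)
            if (line ~ /^skip[-_]networking$/) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Read "user<TAB>host<TAB>password" rows on stdin (column names as used in
# the examples above). Print each anonymous or blank-password account and
# fail if any is found.
audit_accounts() {
    awk -F '\t' '
        $1 == "" { print "anonymous account, host " $2; bad++; next }
        $3 == "" { print "blank password: " $1 "@" $2; bad++ }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample data: a misspelled group and a default account table.
sample=$(mktemp)
printf '[myslqd]\nskip-networking\n' > "$sample"
has_skip_networking "$sample" || echo "skip-networking is not set in [mysqld]"
rm -f "$sample"
printf 'root\tlocalhost\t\n\tlocalhost\t\n' | audit_accounts ||
    echo "fix the accounts listed above"
```

<P>On a live server, feed <TT>audit_accounts</TT> from <TT>mysql -N -B -u root -p -e "SELECT user, host, password FROM mysql.user"</TT>.</P>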