Security
When you maintain a MySQL installation, it's important to make sure that the information your users entrust to their databases is kept secure. The MySQL administrator is responsible for controlling access to the data directory and the server, and should understand the following issues:
Filesystem security.
A Unix machine may host several user accounts that have no MySQL-related administrative duties. It's important to ensure that these accounts have no access to the data directory. This prevents them from compromising data on a filesystem level by copying database tables or removing them, or by being able to read log files that may contain sensitive information. You should know how to set up a Unix user account to be used for running the MySQL server, how to set up the data directory so that it is owned by that user, and how to start up the server to run with that user's privileges.
MySQL server security.
You must understand how the MySQL security system works so that you grant the proper privileges when you set up user accounts that are allowed access to the MySQL server. Users connecting to the server over the network should have permission to do only what they are supposed to be able to do. You don't want to inadvertently grant overly permissive access to accounts due to faulty understanding of the security system!
|