~/.mysql_history and security
16 March 2011, 12:28
Typically, security is inversely proportional to convenience. Keeping a history of commands that you can navigate in the CLI is very convenient. bash does this, for example. So does MySQL, carefully writing each command, line by line, to ~/.mysql_history in plain text (including passwords).

The risk of leakage can be reduced or avoided entirely if (ordered, in my opinion, from the more acceptable option to the less acceptable):
  • the user's home directory has access mode 700;
  • the file ~/.mysql_history has access mode 600;
  • a script is called that cleans "extra" records out of ~/.mysql_history;
  • "extra" records are cleaned out of ~/.mysql_history by hand;
  • the file ~/.mysql_history is deleted (this is the option SecurityFocus suggests);
  • ~/.mysql_history is a symlink to /dev/null (no history is kept).
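
The options in the list above, turned into a small POSIX shell audit. This is an added example, not code from the original post; the function names and the password-matching pattern are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit one home directory against the options listed above.
# Prints one finding per line and nothing when the directory passes.

# Octal permission bits: GNU stat first, BSD stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

audit_mysql_history() {
    home=$1
    hist="$home/.mysql_history"

    [ "$(file_mode "$home")" = "700" ] ||
        echo "home-mode: $home is $(file_mode "$home"), expected 700"

    # A symlink to /dev/null keeps no history, so nothing else can leak.
    if [ -L "$hist" ]; then
        target=$(readlink "$hist")
        [ "$target" = "/dev/null" ] ||
            echo "symlink: $hist points to $target, not /dev/null"
        return 0
    fi

    # Deleted, or the client was never used interactively.
    [ -e "$hist" ] || return 0

    [ "$(file_mode "$hist")" = "600" ] ||
        echo "file-mode: $hist is $(file_mode "$hist"), expected 600"

    # "Extra" records (assumed pattern): statements that usually carry a
    # password. libedit-based clients store spaces as \040, so match both.
    sp='([[:space:]]|\\040)'
    n=$(grep -Eic "identified${sp}+by|password${sp}*[(=]" "$hist" || true)
    [ "$n" -eq 0 ] ||
        echo "secrets: $hist has $n line(s) that may contain a password"
    return 0
}

# Usage: sh audit.sh [home-directory]; defaults to the caller's own.
audit_mysql_history "${1:-$HOME}"
```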

From the DBMS's perspective this is not a security issue: the query history can contain far more valuable information than passwords (billing information, for example), so the developers do not bother making such exceptions at the level of command history logging.

That is actually why I raised this topic. What other options are there?

Bonus track. While on the subject of MySQL security, I want to note that the root account's credentials are often seen in backup scripts that use mysqldump. This is a very common mistake, and yet it is not too difficult to create a dedicated user for dumping databases with a pair of commands:
-- MySQL 5.x syntax; MySQL 8.0 removed GRANT ... IDENTIFIED BY, so use CREATE USER followed by GRANT there.
GRANT SELECT, LOCK TABLES ON *.* TO '<user-dumper>'@'localhost' IDENTIFIED BY '<dumper-password>';
FLUSH PRIVILEGES;
Added by: w1zard