Bug 40933
3.4.2 git-svn-id: svn://svn.office.custis.ru/3rdparty/bugzilla.org/trunk@417 6955db30-a419-402b-8a0d-67ecbb4d7f56master
parent
0ba610226f
commit
9c4532cd02
|
@ -1,373 +0,0 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||
<HTML
|
||||
><HEAD
|
||||
><TITLE
|
||||
>MySQL</TITLE
|
||||
><META
|
||||
NAME="GENERATOR"
|
||||
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
|
||||
REL="HOME"
|
||||
TITLE="The Bugzilla Guide - 3.4.1
|
||||
Release"
|
||||
HREF="index.html"><LINK
|
||||
REL="UP"
|
||||
TITLE="Bugzilla Security"
|
||||
HREF="security.html"><LINK
|
||||
REL="PREVIOUS"
|
||||
TITLE="Operating System"
|
||||
HREF="security-os.html"><LINK
|
||||
REL="NEXT"
|
||||
TITLE="Web server"
|
||||
HREF="security-webserver.html"></HEAD
|
||||
><BODY
|
||||
CLASS="section"
|
||||
BGCOLOR="#FFFFFF"
|
||||
TEXT="#000000"
|
||||
LINK="#0000FF"
|
||||
VLINK="#840084"
|
||||
ALINK="#0000FF"
|
||||
><DIV
|
||||
CLASS="NAVHEADER"
|
||||
><TABLE
|
||||
SUMMARY="Header navigation table"
|
||||
WIDTH="100%"
|
||||
BORDER="0"
|
||||
CELLPADDING="0"
|
||||
CELLSPACING="0"
|
||||
><TR
|
||||
><TH
|
||||
COLSPAN="3"
|
||||
ALIGN="center"
|
||||
>The Bugzilla Guide - 3.4.1
|
||||
Release</TH
|
||||
></TR
|
||||
><TR
|
||||
><TD
|
||||
WIDTH="10%"
|
||||
ALIGN="left"
|
||||
VALIGN="bottom"
|
||||
><A
|
||||
HREF="security-os.html"
|
||||
ACCESSKEY="P"
|
||||
>Prev</A
|
||||
></TD
|
||||
><TD
|
||||
WIDTH="80%"
|
||||
ALIGN="center"
|
||||
VALIGN="bottom"
|
||||
>Chapter 4. Bugzilla Security</TD
|
||||
><TD
|
||||
WIDTH="10%"
|
||||
ALIGN="right"
|
||||
VALIGN="bottom"
|
||||
><A
|
||||
HREF="security-webserver.html"
|
||||
ACCESSKEY="N"
|
||||
>Next</A
|
||||
></TD
|
||||
></TR
|
||||
></TABLE
|
||||
><HR
|
||||
ALIGN="LEFT"
|
||||
WIDTH="100%"></DIV
|
||||
><DIV
|
||||
CLASS="section"
|
||||
><H1
|
||||
CLASS="section"
|
||||
><A
|
||||
NAME="security-mysql"
|
||||
>4.2. MySQL</A
|
||||
></H1
|
||||
><DIV
|
||||
CLASS="section"
|
||||
><H2
|
||||
CLASS="section"
|
||||
><A
|
||||
NAME="security-mysql-account"
|
||||
>4.2.1. The MySQL System Account</A
|
||||
></H2
|
||||
><P
|
||||
>As mentioned in <A
|
||||
HREF="security-os.html#security-os-accounts"
|
||||
>Section 4.1.2</A
|
||||
>, the MySQL
|
||||
daemon should run as a non-privileged, unique user. Be sure to consult
|
||||
the MySQL documentation or the documentation that came with your system
|
||||
for instructions.
|
||||
</P
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="section"
|
||||
><H2
|
||||
CLASS="section"
|
||||
><A
|
||||
NAME="security-mysql-root"
|
||||
>4.2.2. The MySQL <SPAN
|
||||
CLASS="QUOTE"
|
||||
>"root"</SPAN
|
||||
> and <SPAN
|
||||
CLASS="QUOTE"
|
||||
>"anonymous"</SPAN
|
||||
> Users</A
|
||||
></H2
|
||||
><P
|
||||
>By default, MySQL comes with a <SPAN
|
||||
CLASS="QUOTE"
|
||||
>"root"</SPAN
|
||||
> user with a
|
||||
blank password and an <SPAN
|
||||
CLASS="QUOTE"
|
||||
>"anonymous"</SPAN
|
||||
> user, also with a blank
|
||||
password. In order to protect your data, the <SPAN
|
||||
CLASS="QUOTE"
|
||||
>"root"</SPAN
|
||||
> user
|
||||
should be given a password and the anonymous user should be disabled.
|
||||
</P
|
||||
><DIV
|
||||
CLASS="example"
|
||||
><A
|
||||
NAME="security-mysql-account-root"
|
||||
></A
|
||||
><P
|
||||
><B
|
||||
>Example 4-1. Assigning the MySQL <SPAN
|
||||
CLASS="QUOTE"
|
||||
>"root"</SPAN
|
||||
> User a Password</B
|
||||
></P
|
||||
><TABLE
|
||||
BORDER="0"
|
||||
BGCOLOR="#E0E0E0"
|
||||
WIDTH="100%"
|
||||
><TR
|
||||
><TD
|
||||
><FONT
|
||||
COLOR="#000000"
|
||||
><PRE
|
||||
CLASS="screen"
|
||||
> <SAMP
|
||||
CLASS="prompt"
|
||||
>bash$</SAMP
|
||||
> mysql mysql
|
||||
<SAMP
|
||||
CLASS="prompt"
|
||||
>mysql></SAMP
|
||||
> UPDATE user SET password = password('<TT
|
||||
CLASS="replaceable"
|
||||
><I
|
||||
>new_password</I
|
||||
></TT
|
||||
>') WHERE user = 'root';
|
||||
<SAMP
|
||||
CLASS="prompt"
|
||||
>mysql></SAMP
|
||||
> FLUSH PRIVILEGES;
|
||||
</PRE
|
||||
></FONT
|
||||
></TD
|
||||
></TR
|
||||
></TABLE
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="example"
|
||||
><A
|
||||
NAME="security-mysql-account-anonymous"
|
||||
></A
|
||||
><P
|
||||
><B
|
||||
>Example 4-2. Disabling the MySQL <SPAN
|
||||
CLASS="QUOTE"
|
||||
>"anonymous"</SPAN
|
||||
> User</B
|
||||
></P
|
||||
><TABLE
|
||||
BORDER="0"
|
||||
BGCOLOR="#E0E0E0"
|
||||
WIDTH="100%"
|
||||
><TR
|
||||
><TD
|
||||
><FONT
|
||||
COLOR="#000000"
|
||||
><PRE
|
||||
CLASS="screen"
|
||||
> <SAMP
|
||||
CLASS="prompt"
|
||||
>bash$</SAMP
|
||||
> mysql -u root -p mysql <A
|
||||
NAME="security-mysql-account-anonymous-mysql"
|
||||
><IMG
|
||||
SRC="../images/callouts/1.gif"
|
||||
HSPACE="0"
|
||||
VSPACE="0"
|
||||
BORDER="0"
|
||||
ALT="(1)"></A
|
||||
>
|
||||
<SAMP
|
||||
CLASS="prompt"
|
||||
>Enter Password:</SAMP
|
||||
> <TT
|
||||
CLASS="replaceable"
|
||||
><I
|
||||
>new_password</I
|
||||
></TT
|
||||
>
|
||||
<SAMP
|
||||
CLASS="prompt"
|
||||
>mysql></SAMP
|
||||
> DELETE FROM user WHERE user = '';
|
||||
<SAMP
|
||||
CLASS="prompt"
|
||||
>mysql></SAMP
|
||||
> FLUSH PRIVILEGES;
|
||||
</PRE
|
||||
></FONT
|
||||
></TD
|
||||
></TR
|
||||
></TABLE
|
||||
><DIV
|
||||
CLASS="calloutlist"
|
||||
><DL
|
||||
COMPACT="COMPACT"
|
||||
><DT
|
||||
><A
|
||||
HREF="security-mysql.html#security-mysql-account-anonymous-mysql"
|
||||
><IMG
|
||||
SRC="../images/callouts/1.gif"
|
||||
HSPACE="0"
|
||||
VSPACE="0"
|
||||
BORDER="0"
|
||||
ALT="(1)"></A
|
||||
></DT
|
||||
><DD
|
||||
>This command assumes that you have already completed
|
||||
<A
|
||||
HREF="security-mysql.html#security-mysql-account-root"
|
||||
>Example 4-1</A
|
||||
>.
|
||||
</DD
|
||||
></DL
|
||||
></DIV
|
||||
></DIV
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="section"
|
||||
><H2
|
||||
CLASS="section"
|
||||
><A
|
||||
NAME="security-mysql-network"
|
||||
>4.2.3. Network Access</A
|
||||
></H2
|
||||
><P
|
||||
>If MySQL and your web server both run on the same machine and you
|
||||
have no other reason to access MySQL remotely, then you should disable
|
||||
the network access. This, along with the suggestion in
|
||||
<A
|
||||
HREF="security-os.html#security-os-ports"
|
||||
>Section 4.1.1</A
|
||||
>, will help protect your system from
|
||||
any remote vulnerabilities in MySQL.
|
||||
</P
|
||||
><DIV
|
||||
CLASS="example"
|
||||
><A
|
||||
NAME="security-mysql-network-ex"
|
||||
></A
|
||||
><P
|
||||
><B
|
||||
>Example 4-3. Disabling Networking in MySQL</B
|
||||
></P
|
||||
><P
|
||||
>Simply enter the following in <TT
|
||||
CLASS="filename"
|
||||
>/etc/my.cnf</TT
|
||||
>:
|
||||
<TABLE
|
||||
BORDER="0"
|
||||
BGCOLOR="#E0E0E0"
|
||||
WIDTH="100%"
|
||||
><TR
|
||||
><TD
|
||||
><FONT
|
||||
COLOR="#000000"
|
||||
><PRE
|
||||
CLASS="screen"
|
||||
> [mysqld]
|
||||
# Prevent network access to MySQL.
|
||||
skip-networking
|
||||
</PRE
|
||||
></FONT
|
||||
></TD
|
||||
></TR
|
||||
></TABLE
|
||||
>
|
||||
</P
|
||||
></DIV
|
||||
></DIV
|
||||
></DIV
|
||||
><DIV
|
||||
CLASS="NAVFOOTER"
|
||||
><HR
|
||||
ALIGN="LEFT"
|
||||
WIDTH="100%"><TABLE
|
||||
SUMMARY="Footer navigation table"
|
||||
WIDTH="100%"
|
||||
BORDER="0"
|
||||
CELLPADDING="0"
|
||||
CELLSPACING="0"
|
||||
><TR
|
||||
><TD
|
||||
WIDTH="33%"
|
||||
ALIGN="left"
|
||||
VALIGN="top"
|
||||
><A
|
||||
HREF="security-os.html"
|
||||
ACCESSKEY="P"
|
||||
>Prev</A
|
||||
></TD
|
||||
><TD
|
||||
WIDTH="34%"
|
||||
ALIGN="center"
|
||||
VALIGN="top"
|
||||
><A
|
||||
HREF="index.html"
|
||||
ACCESSKEY="H"
|
||||
>Home</A
|
||||
></TD
|
||||
><TD
|
||||
WIDTH="33%"
|
||||
ALIGN="right"
|
||||
VALIGN="top"
|
||||
><A
|
||||
HREF="security-webserver.html"
|
||||
ACCESSKEY="N"
|
||||
>Next</A
|
||||
></TD
|
||||
></TR
|
||||
><TR
|
||||
><TD
|
||||
WIDTH="33%"
|
||||
ALIGN="left"
|
||||
VALIGN="top"
|
||||
>Operating System</TD
|
||||
><TD
|
||||
WIDTH="34%"
|
||||
ALIGN="center"
|
||||
VALIGN="top"
|
||||
><A
|
||||
HREF="security.html"
|
||||
ACCESSKEY="U"
|
||||
>Up</A
|
||||
></TD
|
||||
><TD
|
||||
WIDTH="33%"
|
||||
ALIGN="right"
|
||||
VALIGN="top"
|
||||
>Web server</TD
|
||||
></TR
|
||||
></TABLE
|
||||
></DIV
|
||||
></BODY
|
||||
></HTML
|
||||
>
|
Loading…
Reference in New Issue