
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
237
Chapter 8
CHAPTER 8
Database Security
The “M” in LAMP, and the most popular open source database for Linux, is
MySQL. It’s easy to install and configure, runs light, and is quite fast. You’ll com-
monly see it harnessed to Apache—serving up site content and authenticating users
—and offering a tempting target to those with more time than sense or conscience.
In this chapter, we’ll apply to database servers some of the methods we use to secure
web servers, email servers, and nameservers. It’s a little shorter than many of the
other chapters because a database server is, from a security viewpoint, simpler than a
web server or email server.
Working from the outside into the crunchy database center, we’ll cover:
• The types of security problems. What should you worry about?
• Server placement. Where should you put your MySQL server to protect it from
TCP exploits? How can you provide secure access for database clients?
• Database server installation. What version of MySQL should you use? What are
the best file/directory ownerships and modes?
• Database configuration. How do you create database user accounts and grant
permissions?
• Database operation. How do you protect against malicious SQL and bonehead
queries? What are good practices for logging and backup?
For one reason or another, you ...