1. Introduction
MySQL database security configuration, or hardening, is one link in the risk model: it requires security staff to keep discovering new issues through the study of theory and practice, and to strengthen every aspect of the database's configuration against those issues. This article addresses database risk identification and database security hardening, and explores the measures that can be taken to keep our database security controls at a reasonably good level.
2. MySQL account and privilege security
MySQL has four tables that control privileges:
1. the mysql.user table
2. the mysql.db table
3. the mysql.tables_priv table
4. the mysql.columns_priv table
Note that MySQL also has a database named "information_schema" that appears to store privilege information as well, but understand that "information_schema" is only a convenient way of exposing metadata to system administrators: it is really a set of views, a wrapper around information held inside MySQL. For the MySQL server itself there is exactly one source of authentication and authorization information, the "mysql" database.
0x1. The mysql.user table
select * from user;
desc user;
mysql> desc user;
+-------------------------+-----------------------------------+------+-----+---------+-------+
| Field                   | Type                              | Null | Key | Default | Extra |
+-------------------------+-----------------------------------+------+-----+---------+-------+
| Host                    | char(60)                          | NO   | PRI |         |       |
| User                    | char(16)                          | NO   | PRI |         |       |
| Password                | char(41)                          | NO   |     |         |       |
| Select_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Insert_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Update_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Delete_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Create_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Drop_priv               | enum('N','Y')                     | NO   |     | N       |       |
| Reload_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Shutdown_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Process_priv            | enum('N','Y')                     | NO   |     | N       |       |
| File_priv               | enum('N','Y')                     | NO   |     | N       |       |
| Grant_priv              | enum('N','Y')                     | NO   |     | N       |       |
| References_priv         | enum('N','Y')                     | NO   |     | N       |       |
| Index_priv              | enum('N','Y')                     | NO   |     | N       |       |
| Alter_priv              | enum('N','Y')                     | NO   |     | N       |       |
| Show_db_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Super_priv              | enum('N','Y')                     | NO   |     | N       |       |
| Create_tmp_table_priv   | enum('N','Y')                     | NO   |     | N       |       |
| Lock_tables_priv        | enum('N','Y')                     | NO   |     | N       |       |
| Execute_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Repl_slave_priv         | enum('N','Y')                     | NO   |     | N       |       |
| Repl_client_priv        | enum('N','Y')                     | NO   |     | N       |       |
| Create_view_priv        | enum('N','Y')                     | NO   |     | N       |       |
| Show_view_priv          | enum('N','Y')                     | NO   |     | N       |       |
| Create_routine_priv     | enum('N','Y')                     | NO   |     | N       |       |
| Alter_routine_priv      | enum('N','Y')                     | NO   |     | N       |       |
| Create_user_priv        | enum('N','Y')                     | NO   |     | N       |       |
| Event_priv              | enum('N','Y')                     | NO   |     | N       |       |
| Trigger_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Create_tablespace_priv  | enum('N','Y')                     | NO   |     | N       |       |
| ssl_type                | enum('','ANY','X509','SPECIFIED') | NO   |     |         |       |
| ssl_cipher              | blob                              | NO   |     | NULL    |       |
| x509_issuer             | blob                              | NO   |     | NULL    |       |
| x509_subject            | blob                              | NO   |     | NULL    |       |
| max_questions           | int(11) unsigned                  | NO   |     | 0       |       |
| max_updates             | int(11) unsigned                  | NO   |     | 0       |       |
| max_connections         | int(11) unsigned                  | NO   |     | 0       |       |
| max_user_connections    | int(11) unsigned                  | NO   |     | 0       |       |
| plugin                  | char(64)                          | YES  |     |         |       |
| authentication_string   | text                              | YES  |     | NULL    |       |
| password_expired        | enum('N','Y')                     | NO   |     | N       |       |
+-------------------------+-----------------------------------+------+-----+---------+-------+
0x2. The mysql.db table
select * from db;
desc db;
mysql> desc db;
+-----------------------+---------------+------+-----+---------+-------+
| Field                 | Type          | Null | Key | Default | Extra |
+-----------------------+---------------+------+-----+---------+-------+
| Host                  | char(60)      | NO   | PRI |         |       |
| Db                    | char(64)      | NO   | PRI |         |       |
| User                  | char(16)      | NO   | PRI |         |       |
| Select_priv           | enum('N','Y') | NO   |     | N       |       |
| Insert_priv           | enum('N','Y') | NO   |     | N       |       |
| Update_priv           | enum('N','Y') | NO   |     | N       |       |
| Delete_priv           | enum('N','Y') | NO   |     | N       |       |
| Create_priv           | enum('N','Y') | NO   |     | N       |       |
| Drop_priv             | enum('N','Y') | NO   |     | N       |       |
| Grant_priv            | enum('N','Y') | NO   |     | N       |       |
| References_priv       | enum('N','Y') | NO   |     | N       |       |
| Index_priv            | enum('N','Y') | NO   |     | N       |       |
| Alter_priv            | enum('N','Y') | NO   |     | N       |       |
| Create_tmp_table_priv | enum('N','Y') | NO   |     | N       |       |
| Lock_tables_priv      | enum('N','Y') | NO   |     | N       |       |
| Create_view_priv      | enum('N','Y') | NO   |     | N       |       |
| Show_view_priv        | enum('N','Y') | NO   |     | N       |       |
| Create_routine_priv   | enum('N','Y') | NO   |     | N       |       |
| Alter_routine_priv    | enum('N','Y') | NO   |     | N       |       |
| Execute_priv          | enum('N','Y') | NO   |     | N       |       |
| Event_priv            | enum('N','Y') | NO   |     | N       |       |
| Trigger_priv          | enum('N','Y') | NO   |     | N       |       |
+-----------------------+---------------+------+-----+---------+-------+
0x3. The mysql.tables_priv table
select * from tables_priv;
desc tables_priv;
mysql> desc tables_priv;
+-------------+-----------------------------------------------------------------------------------------------------------------------------------+------+-----+-------------------+-----------------------------+
| Field       | Type                                                                                                                              | Null | Key | Default           | Extra                       |
+-------------+-----------------------------------------------------------------------------------------------------------------------------------+------+-----+-------------------+-----------------------------+
| Host        | char(60)                                                                                                                          | NO   | PRI |                   |                             |
| Db          | char(64)                                                                                                                          | NO   | PRI |                   |                             |
| User        | char(16)                                                                                                                          | NO   | PRI |                   |                             |
| Table_name  | char(64)                                                                                                                          | NO   | PRI |                   |                             |
| Grantor     | char(77)                                                                                                                          | NO   | MUL |                   |                             |
| Timestamp   | timestamp                                                                                                                         | NO   |     | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP |
| Table_priv  | set('Select','Insert','Update','Delete','Create','Drop','Grant','References','Index','Alter','Create View','Show view','Trigger') | NO   |     |                   |                             |
| Column_priv | set('Select','Insert','Update','References')                                                                                      | NO   |     |                   |                             |
+-------------+-----------------------------------------------------------------------------------------------------------------------------------+------+-----+-------------------+-----------------------------+
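The three tables above are where a hardening review actually starts. The following audit queries are an added example, not part of the original article; they assume the MySQL 5.6 column layout shown in the desc output (on 5.7 and later the Password column no longer exists and only authentication_string applies), and must be run by an account that can read the mysql schema.

```sql
-- Added audit queries (not from the original article). They assume the MySQL 5.6
-- layout of mysql.user / mysql.db / mysql.tables_priv shown above; each query
-- lists one class of risky grants that a hardening review should remove.

-- 1. Anonymous accounts, and accounts allowed to log in from any host.
SELECT User, Host
FROM   mysql.user
WHERE  User = '' OR Host = '%';

-- 2. Accounts with no credential at all (empty hash and empty plugin credential).
SELECT User, Host, plugin
FROM   mysql.user
WHERE  Password = ''
  AND  (authentication_string IS NULL OR authentication_string = '');

-- 3. Global privileges that reach beyond the data itself:
--    FILE (read/write files on the server host), SUPER (override read_only,
--    kill sessions, change global settings), GRANT OPTION (re-grant to others),
--    PROCESS (see other sessions' statements), SHUTDOWN (stop the server).
SELECT User, Host, File_priv, Super_priv, Grant_priv, Process_priv, Shutdown_priv
FROM   mysql.user
WHERE  'Y' IN (File_priv, Super_priv, Grant_priv, Process_priv, Shutdown_priv);

-- 4. Database-level grants on the privilege store itself, or whose Db value
--    contains a wildcard (% or _) and therefore matches more than one schema.
--    In a LIKE pattern, \% and \_ match the literal characters.
SELECT User, Host, Db, Grant_priv, Drop_priv, Alter_priv
FROM   mysql.db
WHERE  Db = 'mysql' OR Db LIKE '%\%%' OR Db LIKE '%\_%';

-- 5. Table-level grants on the mysql schema, or that carry GRANT OPTION.
--    Table_priv is a SET, stored as a comma-separated string, so FIND_IN_SET works.
SELECT User, Host, Db, Table_name, Table_priv, Grantor, Timestamp
FROM   mysql.tables_priv
WHERE  Db = 'mysql' OR FIND_IN_SET('Grant', Table_priv) > 0;
```

Remediate findings with REVOKE, DROP USER and SET PASSWORD rather than editing these tables with UPDATE; direct edits only take effect after FLUSH PRIVILEGES and bypass the server's own consistency checks.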
0x4. The mysql.columns_priv table