MySQL Database

MySQL Databasehttp://www.checklist20.com/bestpractices.htmlThis is a test post. please checkhttp://www.checklist20.com/bestpractices.html#cid=144&cn=MySQL Database&tid=420&tn=This is a test post. please checktesting dljfsl sdkljfs skdlfjlksdafjskldfjskdjfksdfjsa ...  View More]]>Implement strong password verify functionhttp://www.checklist20.com/bestpractices.html#cid=144&cn=MySQL Database&tid=196&tn=Implement strong password verify function ...  View More]]>Encrypt data stored in the database using MySQL built-in functionshttp://www.checklist20.com/bestpractices.html#cid=144&cn=MySQL Database&tid=194&tn=Encrypt data stored in the database using MySQL built-in functionsIf the data being stored in the database is sensitive then it should ideally be encrypted. MySQL provides inbuilt SQL functions to encrypt and decrypt data using the AES encryption protocol. The only problem with this method of encryption is that ...  View More]]>Restrict access to MySQL databasehttp://www.checklist20.com/bestpractices.html#cid=144&cn=MySQL Database&tid=195&tn=Restrict access to MySQL databaseOnly admin users should have access to the mysql database Verify access by checking the user and db tables. ...  View More]]>Use dedicated non-administrative account for MySQL daemon/servicehttp://www.checklist20.com/bestpractices.html#cid=144&cn=MySQL Database&tid=193&tn=Use dedicated non-administrative account for MySQL daemon/serviceUtilizing a least privilege account for MySQL daemon and services to execute may reduce the impact of a MySQL-born vulnerability. A non-administrative OS account will be unable to access resources unrelated to MySQL, such as operating system confi ...  View More]]>Restrict administrative privilegeshttp://www.checklist20.com/bestpractices.html#cid=144&cn=MySQL Database&tid=191&tn=Restrict administrative privileges ...  View More]]>Restrict administrative privilegeshttp://www.checklist20.com/bestpractices.html#cid=144&cn=MySQL Database&tid=192&tn=Restrict administrative privileges ...  View More]]>Setup MySQL environment in chroothttp://www.checklist20.com/bestpractices.html#cid=144&cn=MySQL Database&tid=190&tn=Setup MySQL environment in chrootA chroot on UNIX operating systems is an operation that changes the apparent disk root directory for the MySQL process and its children. All of MySQL processes are re-rooted to another directory and cannot access or name files outside that directo ...  View More]]>No Wildcards in user hostnamehttp://www.checklist20.com/bestpractices.html#cid=144&cn=MySQL Database&tid=197&tn=No Wildcards in user hostnameWhen possible, host parameters for users should not contain wildcards (‘%’). This can be checked using “select user from mysql.user where host = '%';”. Avoiding the use of wildcards within hostnames will ensure that only trusted principals are cap ...  View More]]>No Anonymous accounthttp://www.checklist20.com/bestpractices.html#cid=144&cn=MySQL Database&tid=198&tn=No Anonymous accountAnonymous accounts are users with no name (‘’). They allow for default logins and there permissions can sometimes be used by other users. Check for anonymous users using the query “select user from mysql.user where user =‘’;”. They allow for defau ...  View More]]>Harden Configurationhttp://www.checklist20.com/bestpractices.html#cid=144&cn=MySQL Database&tid=199&tn=Harden Configuration ...  View More]]>Migrate to version 4.1 or 5.0 or higherhttp://www.checklist20.com/bestpractices.html#cid=144&cn=MySQL Database&tid=200&tn=Migrate to version 4.1 or 5.0 or higherVersions 4.0 and 3.23 only receive critical fixes. Utilizing a supported version of MySQL will help ensure the remediation of identified MySQL vulnerabilities. ...  View More]]>Apply latest security patcheshttp://www.checklist20.com/bestpractices.html#cid=144&cn=MySQL Database&tid=201&tn=Apply latest security patchesDetermine current version of MySQL using “mysql —h HOSTNAME —V”. Review changes in each revision greater than that running for security changes. See References for links to change history. ...  View More]]>Backup databasehttp://www.checklist20.com/bestpractices.html#cid=144&cn=MySQL Database&tid=202&tn=Backup databaseBackup and recovery is one of the most important aspects of database administration. If a database crashed and there was no way to recover it, the devastating results to a business could include lost data, lost revenue and customer dissatisfaction ...  View More]]>Remove test databasehttp://www.checklist20.com/bestpractices.html#cid=144&cn=MySQL Database&tid=203&tn=Remove test databaseThe default MySQL installation comes with a database called “test”. Databases can be viewed using the “SHOW DATABASES;” command. Databases can be dropped using the “DROP DATABASE xxx;” syntax.Removing unutilized components will eliminate an attack ...  View More]]>Use SSL connection to transfer sensitive datahttp://www.checklist20.com/bestpractices.html#cid=144&cn=MySQL Database&tid=204&tn=Use SSL connection to transfer sensitive dataTo make it easier to use secure connections, MySQL is bundled with yaSSL as of MySQL 5.0.10. (MySQL and yaSSL employ the same licensing model, whereas OpenSSL uses an Apache-style license.). SSL trusted network connection is recommended when restr ...  View More]]>