Home >Database >Mysql Tutorial >Security analysis of Mssql and Mysql
[Introduction] Database is the foundation of e-commerce, finance and ERP systems, and usually stores important business partner and customer information. The electronic data of most enterprises, organizations and government departments are stored in various databases. They use these databases to store some personal information and also hold sensitive financial information. Databases are used in e-commerce, finance and ERP systems. Basically, important business partner and
customer information is usually saved. The electronic data of most enterprises, organizations and government departments are stored in various databases. They use these databases to store some personal information and also hold sensitive financial data. However, databases usually do not receive as much attention to security as operating systems and networks. Data is the lifeblood of enterprises and organizations, so choosing a secure database is crucial. Large websites generally use oracle or DB2, while most small and medium-sized websites use the more flexible and compact mssql database or mysql database. So, under the same conditions, which one is more secure, Microsoft's mssql or free mysql?
I installed mssql and mysql by default on my machine using the administrator account in order to
test their security under the same circumstances. My system configuration is as follows: operating system Microsoft windows 2000 Version5.0,
sp4, ftp service and iis service are installed, supporting asp and php. The system has only one administrator account, admin, and the guest
account is not disabled.
1. System internal security analysis
1.mysql database permission control issue
Mysql permission control is based on the mysql database, called The authorization table includes a total of six tables columns_priv, db, func, host, tables_priv and user. First use the desc user command to view the structure of the very important user table to query the content. Now you can view his permission settings. Use the command
select host,user,password,delete_priv,update_priv,drop_priv from user;
This command checks several dangerous permissions, and the displayed results are as follows:
mysql> select host,user,password,delete_priv,update_priv,drop_priv from user; +-----------+------+------------------+-------------+-------------+-----------+ | host | user | password | delete_priv | update_priv | drop_priv | +-----------+------+------------------+-------------+-------------+-----------+ | localhost | root |0e4941f53f6fa106 | Y | Y | Y | | % | root | | Y | Y | Y | | localhost | | | Y | Y | Y | | % | | | N | N | N | +-----------+------+------------------+-------------+-------------+-----------+ 4 rows in set (0.00 sec)
.
Solution: If you don't need remote maintenance, delete the second entry,
delete from user where host="%" and user="root";
or add a strong password to it. Delete the third article,
delete from user where host="localhost" and user="";