MysqL security strategy sharing
- 小云云Original
- 2018-02-23 13:26:511276browse
1: Use prepared statements to prevent SQL injection
2: The data written to the database must be escaped with special characters. For example, characters with single quotes and double quotes need to be escaped at the application layer. In order to prevent SQL Injection
3: Do not return the query error information to the user, and record the error in the log. Do not display error information in the application, so that the user will obtain the database information, which is unsafe. We need to mask the errors and check the logs regularly for errors.
Note: Try to use PDO for database-related operations on the PHP side. , PDO has a good support method for prepared statements, and Mysqli also has it, but the scalability is not as good as PDO. PDO supports more extended libraries, not only Mysql, and is slightly more efficient than PDO, but Mysqli only supports Mysql and Mysql functions. The library has tended to be eliminated in the new version, so it is not recommended to use it, and it does not have good support for preprocessing methods
4: Make regular data backups
5: Do not give root permissions to query users, and allocate permissions reasonably ; For example, the server has many applications, and root permission cannot be given to each one.
6: Turn off remote access to the database, which may be cracked and is unsafe.
7: Modify the root password. Do not use the default password. Complex and cannot be easily guessed
8: Delete redundant users
9: Change the name of the root user to something that is not easy for others to guess
10: Restrict ordinary users from browsing other libraries; such as multiple Application, each application creates an independent user and cannot access other libraries
11: Restrict users' access rights to data files and restrict permissions on files. Not only does each user limit access to the mysql library, but also restrictions Data directory permissions for mysql stored data
Related recommendations:
The above is the detailed content of MysqL security strategy sharing. For more information, please follow other related articles on the PHP Chinese website!