提高MySQL数据库的安全性

Posted 2020-10-11 迷失之路

1. 更改默认端口（默认3306）

　　可以从一定程度上防止端口扫描工具的扫描

 

2. 删除掉test数据库

drop database test;

 

3. 密码改的复杂些

# 1 

set password for root@localhost=password(‘test‘); 

# 2
use mysql; 
update user set password=password(‘test‘) where user=‘root‘; 
flush privileges; 

4. 删除默认的用户

use mysql; 
delete from db; 
delete from user where not(host="localhost" and user="root"); 
flush privileges; 

5. 改变默认mysql管理员的名称

use mysql;
update user set user="admin" where user="root"; 
flush privileges; 

6. 禁止远程连接mysql
a. 设置帐号不允许从远程登陆，只能在localhost

use mysql; 
update user set host = ‘%‘ where user = ‘admin‘;
select host, user from user; 

 

b. 授权某个特定的用户可以从远程登录mysql
(1) 设定任务主机，都可以根据某个用户名|密码，登录mysql服务的所有数据库

grant all privileges on *.* to ‘myuser‘@‘%‘ identified by ‘mypassword‘ with grant option; 
flush privileges;

 

(2) 设定特定IP的主机，根据某个用户名|密码，登录mysql服务的所有数据库

grant all privileges on *.* to ‘myuser‘@‘192.168.1.3‘ identified by ‘mypassword‘ with grant option; 
flush privileges;

 

(3) 设定特定IP的主机，根据用某个户名|密码，登录指定的数据库(dk--数据库名)

grant all privileges on dk.* to ‘myuser‘@‘192.168.1.3‘ identified by ‘mypassword‘ with grant option; 
flush privileges;