MySQL security can be improved by setting password policies and enabling audit logs. First, configure a strong password policy: modify my.cnf or my.ini file to add validate_password.policy=STRONG, or execute SET GLOBAL validate_password.policy = STRONG in MySQL; at the same time, you can adjust the minimum length of the password, whether special characters are needed, such as SET GLOBAL validate_password.length = 12; SET GLOBAL validate_password.special_char_required = ON; Second, enable the audit logging function: by installing plug-ins (such as Oracle Audit Plugin) and configuring the log path, run INSTALL PLUGIN audit_log SONAME 'libaudit_plugin.so'; and set log size and retention policies in the configuration file, such as audit_log_rotate_on_size=100MB, audit_log_rotations=5; Finally, check the log content regularly, pay attention to abnormal login, frequent failed attempts and high-permission operations, and combine scripts to realize alarm notifications to improve security monitoring capabilities.
MySQL is the core component of many application systems, and security is directly related to whether the data is safe. Password policy and audit log are two of the key links. Proper configuration can greatly reduce the risk of being attacked.
Set up strong password policy
MySQL has built-in password policy plug-in since 8.0, which forces users to set passwords that meet the requirements. The default policy is "MEDIUM", which requires that the password length is at least 8 digits and contains both upper and lower case letters and numbers.
To enable stronger strategies, such as "STRONG", you can do this:
- Modify the configuration file my.cnf or my.ini and add a line:
validate_password.policy=STRONG - Restart MySQL to take effect
- Log in to MySQL and run
SET GLOBAL validate_password.policy = STRONG;
In addition to the policy level, you can also set the minimum length of the password, whether special characters are needed, etc. for example:
SET GLOBAL validate_password.length = 12; SET GLOBAL validate_password.special_char_required = ON;
It is recommended to adjust these parameters according to the actual environment, neither too loose nor too strict. For example, if the team is used to using a password manager, the complexity requirements can be appropriately increased; if the user often enters the password manually, you can consider maintaining the default policy but regularly forcibly replace it.
Enable audit logging function
The audit log can record the user's login, execute SQL statements and other operations, which is very useful for troubleshooting problems and discovering abnormal behaviors. MySQL itself does not have audit logging function, but can be implemented through plug-ins, such as the Audit Plugin or Percona version provided by Oracle.
The way to install plug-ins is roughly as follows:
- Download the corresponding version of the plug-in file
- Log in to MySQL and run
INSTALL PLUGIN audit_log SONAME 'libaudit_plugin.so'; - Modify the configuration file, enable the plugin and set the log path
- Restart MySQL
Once enabled, you can see log content similar to the following:
<audit> <timestamp>2024-03-15T10:20:30 UTC</timestamp> <id>12345</id> <command>Query</command> <query>SELECT * FROM users WHERE id = 1;</query> <user>app_user</user> <host>192.168.1.100</host> </audit>
These logs can be used with log analysis tools, such as ELK or Splunk, to facilitate centralized management and alarm settings.
Regularly check and clean logs
Audit logs take up disk space, especially in systems with high access. Therefore, it is necessary to set up a reasonable retention strategy, such as keeping logs for the last 30 days, or rotating according to file size.
The log file size and retention time can be set through the configuration file:
[mysqld] audit_log_rotate_on_size=104857600 # Maximum 100MB per file audit_log_rotations=5 # Keep 5 old files
It is also important to check the log content regularly, especially pay attention to abnormal login behavior, frequent failed attempts, and operations of high-authorized users. You can write a script to scan the log regularly and send an email to remind you if you find suspicious behavior.
Basically that's it. Although password policy and audit log are not the entire content of MySQL security, they are the two easiest to configure and quickly achieve results. As long as it is set properly, it can effectively improve overall security.
The above is the detailed content of Securing MySQL with Strong Password Policies and Audit Logs. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Establishing secure remote connections to a MySQL server
Jul 04, 2025 am 01:44 AM
TosecurelyconnecttoaremoteMySQLserver,useSSHtunneling,configureMySQLforremoteaccess,setfirewallrules,andconsiderSSLencryption.First,establishanSSHtunnelwithssh-L3307:localhost:3306user@remote-server-Nandconnectviamysql-h127.0.0.1-P3307.Second,editMyS
Analyzing the MySQL Slow Query Log to Find Performance Bottlenecks
Jul 04, 2025 am 02:46 AM
Turn on MySQL slow query logs and analyze locationable performance issues. 1. Edit the configuration file or dynamically set slow_query_log and long_query_time; 2. The log contains key fields such as Query_time, Lock_time, Rows_examined to assist in judging efficiency bottlenecks; 3. Use mysqldumpslow or pt-query-digest tools to efficiently analyze logs; 4. Optimization suggestions include adding indexes, avoiding SELECT*, splitting complex queries, etc. For example, adding an index to user_id can significantly reduce the number of scanned rows and improve query efficiency.
Handling NULL Values in MySQL Columns and Queries
Jul 05, 2025 am 02:46 AM
When handling NULL values ??in MySQL, please note: 1. When designing the table, the key fields are set to NOTNULL, and optional fields are allowed NULL; 2. ISNULL or ISNOTNULL must be used with = or !=; 3. IFNULL or COALESCE functions can be used to replace the display default values; 4. Be cautious when using NULL values ??directly when inserting or updating, and pay attention to the data source and ORM framework processing methods. NULL represents an unknown value and does not equal any value, including itself. Therefore, be careful when querying, counting, and connecting tables to avoid missing data or logical errors. Rational use of functions and constraints can effectively reduce interference caused by NULL.
Performing logical backups using mysqldump in MySQL
Jul 06, 2025 am 02:55 AM
mysqldump is a common tool for performing logical backups of MySQL databases. It generates SQL files containing CREATE and INSERT statements to rebuild the database. 1. It does not back up the original file, but converts the database structure and content into portable SQL commands; 2. It is suitable for small databases or selective recovery, and is not suitable for fast recovery of TB-level data; 3. Common options include --single-transaction, --databases, --all-databases, --routines, etc.; 4. Use mysql command to import during recovery, and can turn off foreign key checks to improve speed; 5. It is recommended to test backup regularly, use compression, and automatic adjustment.
Calculating Database and Table Sizes in MySQL
Jul 06, 2025 am 02:41 AM
To view the size of the MySQL database and table, you can query the information_schema directly or use the command line tool. 1. Check the entire database size: Execute the SQL statement SELECTtable_schemaAS'Database',SUM(data_length index_length)/1024/1024AS'Size(MB)'FROMinformation_schema.tablesGROUPBYtable_schema; you can get the total size of all databases, or add WHERE conditions to limit the specific database; 2. Check the single table size: use SELECTta
Handling character sets and collations issues in MySQL
Jul 08, 2025 am 02:51 AM
Character set and sorting rules issues are common when cross-platform migration or multi-person development, resulting in garbled code or inconsistent query. There are three core solutions: First, check and unify the character set of database, table, and fields to utf8mb4, view through SHOWCREATEDATABASE/TABLE, and modify it with ALTER statement; second, specify the utf8mb4 character set when the client connects, and set it in connection parameters or execute SETNAMES; third, select the sorting rules reasonably, and recommend using utf8mb4_unicode_ci to ensure the accuracy of comparison and sorting, and specify or modify it through ALTER when building the library and table.
Aggregating data with GROUP BY and HAVING clauses in MySQL
Jul 05, 2025 am 02:42 AM
GROUPBY is used to group data by field and perform aggregation operations, and HAVING is used to filter the results after grouping. For example, using GROUPBYcustomer_id can calculate the total consumption amount of each customer; using HAVING can filter out customers with a total consumption of more than 1,000. The non-aggregated fields after SELECT must appear in GROUPBY, and HAVING can be conditionally filtered using an alias or original expressions. Common techniques include counting the number of each group, grouping multiple fields, and filtering with multiple conditions.
Implementing Transactions and Understanding ACID Properties in MySQL
Jul 08, 2025 am 02:50 AM
MySQL supports transaction processing, and uses the InnoDB storage engine to ensure data consistency and integrity. 1. Transactions are a set of SQL operations, either all succeed or all fail to roll back; 2. ACID attributes include atomicity, consistency, isolation and persistence; 3. The statements that manually control transactions are STARTTRANSACTION, COMMIT and ROLLBACK; 4. The four isolation levels include read not committed, read submitted, repeatable read and serialization; 5. Use transactions correctly to avoid long-term operation, turn off automatic commits, and reasonably handle locks and exceptions. Through these mechanisms, MySQL can achieve high reliability and concurrent control.
