• +91 9723535972
  • info@interviewmaterial.com

My SQL Interview Questions and Answers

Related Subjects

MS SQL Interview Questions and Answers  |  Oracle Interview Questions and Answers  |  Tera Data Interview Questions and Answers  |  MongoDB Interview Questions and Answers  |  Neo4J Interview Questions and Answers  |  Cosmos DB Interview Questions and Answers  |  Data Warehouse Interview Questions and Answers  |  DBMS Interview Questions and Answers
Question - MySQL - General Security

Answer - Anyone using MySQL on a computer connected to the Internet should read this section to avoid the most common security mistakes. In discussing security, we emphasize the necessity of fully protecting the entire server host (not simply the MySQL server) against all types of applicable attacks: eavesdropping, altering, playback, and denial of service. We do not cover all aspects of availability and fault tolerance here. MySQL uses Access Control Lists (ACLs) security for all connections, queries, and other operations that a user may attempt to perform. There is also some support for SSL-encrypted connections between MySQL clients and servers. Many of the concepts discussed here are not specific to MySQL at all; the same general ideas apply to almost all applications. When running MySQL, follow these guidelines whenever possible: DON'T EVER GIVE ANYONE (EXCEPT THE MySQL ROOT USER) ACCESS TO THE mysql.user TABLE! The encrypted password is the real password in MySQL. If you know this for one user you can easily login as him if you have access to his 'host'. Learn the MySQL access privilege system. The GRANT and REVOKE commands are used for restricting access to MySQL. Do not grant any more privileges than necessary. Never grant privileges to all hosts. Checklist: Try mysql -u root. If you are able to connect successfully to the server without being asked for a password, you have problems. Any user (not just root) can connect to your MySQL server with full privileges! Review the MySQL installation instructions, paying particular attention to the item about setting a root password. Use the command SHOW GRANTS and check to see who has access to what. Remove those privileges that are not necessary using the REVOKE command. Do not keep any plain-text passwords in your database. When your computer becomes compromised, the intruder can take the full list of passwords and use them. Instead use MD5() or another one-way hashing function. Do not use passwords from dictionaries. There are special programs to break them. Even passwords like ``xfish98'' are very bad. Much better is ``duag98'' which contains the same word ``fish'' but typed one key to the left on a standard QWERTY keyboard. Another method is to use ``Mhall'' which is taken from the first characters of of each word in the

Comment(S)

Show all Coment

Leave a Comment

 | 

NCERT Solutions

 

Share your email for latest updates

Name:
Email:

Latest News

10000+ interview questions in different categories

Freshers and experienced

Testimonial

NCERT Questions Answers

We are group of professionals with the same objective for helping school students who are struggling in NCERT Questions Answers. We are just sharing our knowledge for the students and helping them by providing Questions Answers.

Halpura.com

At Halpura we are reimagining the actual potentials of quality information resources reaching people across the globe to make an everlasting impact.

Our partners