Mandatory security settings after installing MySQL


Installing the MySQL database server is easy, and it is usually put to use by PHP straight away with nothing configured except the root password. But there is one more step that must be done: securing the default settings. Besides editing the my.cnf file, there is an easy way. 🙂
Note that the following method applies to MySQL, MariaDB, Percona Server, and possibly other forks I am not yet aware of. My example uses a VPS running Debian with MariaDB 5.5.45 installed. Run the following command:
mysql_secure_installation
The response looks like the following: a warning and the confirmation about securing the database server installation, followed by a login as the MySQL root user:
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] n
 ... skipping.

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
 ... Failed!  Not critical, keep moving...
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
Several things deserve attention in the mysql_secure_installation log quoted above:
  1. Change the root password? – Asks whether you want to change the MySQL root password. Because I had just installed the server and used a strong password, I answered no.
  2. Remove anonymous users? – Removes the anonymous users, a type of user that can log in to the database server without a username and password. They were created for testing, but many people are unaware of them and there is a risk of misuse. Best removed.
  3. Disallow root login remotely? – Disables access for the root user from outside the server. Using root is recommended only from within the server itself, so that nobody can guess at the root password over the network.
  4. Remove test database and access to it? – Besides the test users, MySQL also ships a test database. It is safe to remove.
  5. Reload privilege tables now? – After you have gone through and confirmed all the settings above, the privilege tables for users and databases need to be reloaded so that the changes take effect immediately.
Easy, isn't it? Just never forget to run this step on every new MySQL/MariaDB/Percona installation to improve the database's security. It also has no negative side effects.
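To confirm the result after the script finishes, the following added example (not part of the original post) audits exported rows from mysql.user and mysql.db for the three things the prompts remove: anonymous users, remote root accounts, and grants on the test database. It assumes the rows were exported tab-separated with mysql -N -B -r; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-run audit for the items mysql_secure_installation removes.
# Assumed input: tab-separated rows exported with
#   mysql -N -B -r -e "SELECT User, Host FROM mysql.user"
#   mysql -N -B -r -e "SELECT Db, User, Host FROM mysql.db"

# audit_users: "User<TAB>Host" rows on stdin -> one finding per line on stdout.
audit_users() {
  awk -F'\t' '
    NF < 2 { next }                          # skip blank or malformed rows
    $1 == "" { print "ANON_USER host=" $2; next }
    $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
      print "REMOTE_ROOT host=" $2
    }'
}

# audit_test_db: "Db<TAB>User<TAB>Host" rows on stdin -> grants on test or test\_%.
audit_test_db() {
  awk -F'\t' '
    $1 == "test" || $1 ~ /^test\\_/ { print "TEST_DB_GRANT db=" $1 " host=" $3 }'
}

# Constructed sample rows resembling a fresh, unhardened install (not real data).
sample_users_default() {
  printf '%s\t%s\n' root localhost root 127.0.0.1 root ::1 root % \
                    '' localhost '' vps01 app localhost
}
sample_db_default() {
  printf '%s\t%s\t%s\n' test '' % 'test\_%' '' % app app localhost testing qa localhost
}
# Constructed rows for the state expected after answering "y" to every prompt.
sample_users_hardened() {
  printf '%s\t%s\n' root localhost root 127.0.0.1 root ::1 app localhost
}
sample_db_hardened() { printf '%s\t%s\t%s\n' app app localhost; }

# audit_all: $1/$2 name functions printing user rows and db rows.
# Returns 0 when nothing is flagged, 1 (and prints the findings) otherwise.
audit_all() {
  findings=$( "$1" | audit_users; "$2" | audit_test_db )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

echo "== default install =="
audit_all sample_users_default sample_db_default || echo "-> not hardened"
echo "== after answering y to every prompt =="
audit_all sample_users_hardened sample_db_hardened && echo "-> clean"
```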
