Reputation: 10913
I'm a student and we are making a simple information system for a hospital. How can we improve the security of a MySQL database so that confidential information will be protected?
Upvotes: 2
Views: 1525
Reputation: 21
md5('your-password') is not secure enough, try something like md5(md5('your-password').'your-password').
Upvotes: 2
Reputation: 3318
Security is a complex issue and it is hard to answer vague questions.
A few generalisations.
If it makes sense to co-locate your database and application on the same server, then you should do so and disable all remote access to the database. The downside is that this limits your ability to scale using separate database and application servers.
Also you need to determine if you require replication. If you do then you need to allow access, whereas if you can get away with it you should not.
You need to be rigorous with your username and password regime. I actually use a password generator for both the user name and the password for application access, but how far you go is up to you.
You should assume that someone will get access to your database. Each "user" should only have the permissions required by the user to do that job. The less each user can do the safer you will be when someone does break in. You may need to create several users so each bit of your application can do their job, and only their job.
Lastly you should consider the ramifications of gaining access to your database. I would assume that health records require extremely high levels of security. You may consider some form of encryption / obfuscation in the database itself, but I have not ever needed to do this myself so I cannot comment further.
Upvotes: 3
Reputation: 16596
Disallow connections from all IP addresses except the application server's IP address. And make sure that the application working with the DB is free of security holes. :)
Upvotes: 0
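The per-task accounts and the "application server only" restriction described in the two answers above, as an added MySQL example that is not from either poster. The `hospital` schema, the account names, the address 10.0.0.5 and the password placeholders are all hypothetical.

```sql
-- Added example. Schema, accounts, address and passwords are hypothetical.
CREATE DATABASE IF NOT EXISTS hospital;
CREATE TABLE IF NOT EXISTS hospital.patients (
  patient_id    INT PRIMARY KEY AUTO_INCREMENT,
  full_name     VARCHAR(200) NOT NULL,
  date_of_birth DATE NOT NULL,
  diagnosis     TEXT
);
CREATE TABLE IF NOT EXISTS hospital.appointments (
  appointment_id INT PRIMARY KEY AUTO_INCREMENT,
  patient_id     INT NOT NULL,
  starts_at      DATETIME NOT NULL
);
CREATE TABLE IF NOT EXISTS hospital.audit_log (
  entry_id  BIGINT PRIMARY KEY AUTO_INCREMENT,
  actor     VARCHAR(64) NOT NULL,
  action    VARCHAR(255) NOT NULL,
  logged_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

-- Booking code: may connect only from the application server (the host part
-- of the account name), and may touch appointments but not clinical data.
CREATE USER 'booking_app'@'10.0.0.5' IDENTIFIED BY '<generated-password-1>';
GRANT SELECT, INSERT, UPDATE ON hospital.appointments TO 'booking_app'@'10.0.0.5';
-- Column-level grant: enough to look a patient up, not to read the diagnosis.
GRANT SELECT (patient_id, full_name, date_of_birth)
  ON hospital.patients TO 'booking_app'@'10.0.0.5';

-- Clinical-records code: full read/write on patients, nothing on appointments.
CREATE USER 'records_app'@'10.0.0.5' IDENTIFIED BY '<generated-password-2>';
GRANT SELECT, INSERT, UPDATE ON hospital.patients TO 'records_app'@'10.0.0.5';

-- Both may append audit entries; neither may read, change or delete them.
GRANT INSERT ON hospital.audit_log
  TO 'booking_app'@'10.0.0.5', 'records_app'@'10.0.0.5';

-- If the application runs on the database server itself, use 'localhost' as
-- the host part and set bind-address = 127.0.0.1 in the server configuration.

-- Checks: confirm what an account can do, then list accounts that accept
-- connections from any host or have an empty user name.
SHOW GRANTS FOR 'booking_app'@'10.0.0.5';
SELECT user, host FROM mysql.user WHERE host = '%' OR user = '';
```

No account here holds DELETE, DROP or GRANT OPTION, so a compromised application credential cannot remove records or widen its own access.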
Reputation: 13972
Just a few off the top of my head...
Upvotes: 4