
MySQL Windows Security


premiso


Hey All,

I had a question about MySQL Windows Security. I have read up on this and am just wondering if anyone had any more insight on how to further secure it.

I am running MySQL on my host as a test database for me and 1 other person. We will be using the same account just so our data is consistent and up to date. To do this I had to open the MySQL port (I of course changed this port to be non-default). I have removed the root user and only have 1 user account; unfortunately neither I nor the other person has a static IP, so I had to set the host to %. The account password is pretty beefed up, about 15 characters with a mixture of letters, numbers and special chars, as is the username.

I think this should be sufficient, but would like to know of any other secrets out there that might help. Any input is appreciated and I thank you for replying!

EDIT:

Also I have my router set up to not ping back on the default ports.


If you're super concerned, I think PHP supports host names. You could use something like no-ip.com and use their automatic update client to have a host name always resolve to your IP address (well, unless it changes in between when it updates).

I wonder if there's a way to ban an IP after x failed attempts....

Anyway, I suggest not running it on port 3306 if you're super concerned. No one is going to be looking for port 23981, for example. Also, make sure the username isn't something obvious like john_smith (if that were your name). If you're super concerned, use something longer than a 15 character password. 15 chars with non-alphanumeric chars would be a pain for someone to brute force, but if you're super paranoid, you can always make the password longer ;p.

I can't think of anything else..... ;p


Thanks, corbin.

Yea, I tried the no-ip approach for allowing users like:

GRANT ... username@'host.no-up.org'....

Which would not let me in, unfortunately. I may try that avenue more in-depth, because that would be a ton better than just using the %.

As for the port, yea it is not 3306, it is some absurd and random number. The username and password are at least 15 chars with a mixture of special chars etc.

I am interested if I could ban an IP that tries to connect more than 5 times; that is not a bad idea. It may require a script to parse the log file to check, but that is also another good idea to do. Thanks for the info, corbin.

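The "parse the log file and ban after 5 failed attempts" idea from the thread, as an added example that is not code from any poster. It assumes the MySQL error log records "Access denied" notes in the 5.7-style line format shown (the exact format and the verbosity level needed to log them vary by version); the log lines below are constructed, and the netsh rule is only built as a string for review.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of a MySQL 5.7-style error log
# (timestamp, thread id, level, message). Made-up entries, not real data.
SAMPLE_LOG = """\
2019-03-02T10:15:01.000000Z 12 [Note] Access denied for user 'app'@'203.0.113.7' (using password: YES)
2019-03-02T10:15:02.000000Z 13 [Note] Access denied for user 'app'@'203.0.113.7' (using password: YES)
2019-03-02T10:15:04.000000Z 14 [Note] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2019-03-02T10:15:05.000000Z 15 [Note] Access denied for user 'admin'@'203.0.113.7' (using password: NO)
2019-03-02T10:15:09.000000Z 16 [Note] Access denied for user 'app'@'203.0.113.7' (using password: YES)
2019-03-02T10:15:10.000000Z 17 [Note] Access denied for user 'app'@'203.0.113.7' (using password: YES)
2019-03-02T10:20:00.000000Z 18 [Note] Access denied for user 'app'@'198.51.100.4' (using password: YES)
2019-03-02T10:21:00.000000Z 19 [Warning] Some unrelated warning
"""

# Matches the user and host in an "Access denied" line (assumed format).
DENIED_RE = re.compile(r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']+)'")


def count_denied(log_text):
    """Return {host: number of 'Access denied' lines} for the given log text."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = DENIED_RE.search(line)
        if m:
            counts[m.group("host")] += 1
    return dict(counts)


def hosts_over_threshold(log_text, threshold=5):
    """Hosts with more than `threshold` denied attempts (the 5 from the thread),
    regardless of which username was tried."""
    return sorted(h for h, n in count_denied(log_text).items() if n > threshold)


def windows_firewall_block_rule(host):
    """Build the Windows Firewall command that would block the host inbound.
    Returned as a string so an operator can review it before running it."""
    return ('netsh advfirewall firewall add rule name="mysql-block-%s" '
            'dir=in action=block remoteip=%s' % (host, host))


if __name__ == "__main__":
    for host in hosts_over_threshold(SAMPLE_LOG):
        print(windows_firewall_block_rule(host))
```

Note that only `SAMPLE_LOG` is scanned here; on a real box you would read the current error log file and keep state so each host is counted over a time window rather than over the whole file.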
