Skip to Main Content

The world's most popular open source database

Developer Zone Downloads MySQL.com

Documentation

Section Menu:

Documentation Home

version 8.4

8.0 current
5.7

8.0 Japanese

MySQL 8.4 Reference Manual / Security

Chapter 8 安全性

Table of Contents

8.1 General 安全性 Issues

8.1.1 安全性 Guidelines
8.1.2 确保密码安全
8.1.3 保护MySQL免受攻击
8.1.4 安全性-Related mysqld Options and Variables
8.1.5 MySQL如何以普通用户身份运行
8.1.6 安全性 Considerations for LOAD DATA LOCAL
8.1.7 Client Programming 安全性 Guidelines

8.2 访问控制和账户管理

8.2.1 账户用户名和密码
8.2.2 MySQL 提供的权限
8.2.3 授权表
8.2.4 指定账户名称
8.2.5 指定角色名称
8.2.6 访问控制，第一阶段：连接验证
8.2.7 访问控制，第二阶段：请求验证
8.2.8 添加账户、分配权限和删除账户
8.2.9 保留的帐户
8.2.10 使用角色
8.2.11 账户分类
8.2.12 使用部分撤销的权限限制
8.2.13 当权限更改生效
8.2.14 分配帐户密码
8.2.15 密码管理
8.2.16 密码过期的服务器处理
8.2.17 插件式认证
8.2.18 多因素认证
8.2.19 代理用户
8.2.20 账户锁定
8.2.21 设置帐户资源限制
8.2.22 解决连接 MySQL 问题
8.2.23 基于 SQL 的帐户活动审计

8.3 使用加密连接

8.3.1 配置 MySQL 以使用加密连接
8.3.2 加密连接 TLS 协议和密码
8.3.3 创建 SSL 和 RSA 证书和密钥
8.3.4 从 Windows 通过 SSH 远程连接到 MySQL
8.3.5 重用 SSL 会话

8.4 安全性 Components and Plugins

8.4.1 身份验证插件
8.4.2 连接控制插件
8.4.3 密码验证组件
8.4.4 MySQL 密钥环
8.4.5 MySQL 企业版审计
8.4.6 审计消息组件
8.4.7 MySQL 企业防火墙

8.5 MySQL 企业数据屏蔽和去标识化

8.5.1 数据屏蔽组件与数据屏蔽插件对比
8.5.2 MySQL 企业数据屏蔽和去标识化 Components
8.5.3 MySQL 企业数据屏蔽和去标识化 Plugin

8.6 MySQL 企业加密

8.6.1 MySQL 企业加密 Installation and Upgrading
8.6.2 Configuring MySQL 企业加密
8.6.3 MySQL 企业加密 Usage and Examples
8.6.4 MySQL 企业加密 Function Reference
8.6.5 MySQL 企业加密 Component Function Descriptions

8.7 SELinux

8.7.1 Check if SELinux is Enabled
8.7.2 Changing the SELinux Mode
8.7.3 MySQL Server SELinux Policies
8.7.4 SELinux File Context
8.7.5 SELinux TCP Port Context
8.7.6 Troubleshooting SELinux

8.8 FIPS 支持

When thinking about security within a MySQL installation, you should consider a wide range of possible topics and how they affect the security of your MySQL server and related applications:

General factors that affect security. These include choosing good passwords, not granting unnecessary privileges to users, ensuring application security by preventing SQL injections and data corruption, and others. See Section 8.1, “General Security Issues”.
Security of the installation itself. The data files, log files, and the all the application files of your installation should be protected to ensure that they are not readable or writable by unauthorized parties. For more information, see Section 2.9, “Postinstallation Setup and Testing”.
Access control and security within the database system itself, including the users and databases granted with access to the databases, views and stored programs in use within the database. For more information, see Section 8.2, “Access Control and Account Management”.
The features offered by security-related plugins. See Section 8.4, “Security Components and Plugins”.
Network security of MySQL and your system. The security is related to the grants for individual users, but you may also wish to restrict MySQL so that it is available only locally on the MySQL server host, or to a limited set of other hosts.
Ensure that you have adequate and appropriate backups of your database files, configuration and log files. Also be sure that you have a recovery solution in place and test that you are able to successfully recover the information from your backups. See Chapter 9, Backup and Recovery.

Note

Several topics in this chapter are also addressed in the Secure Deployment Guide, which provides procedures for deploying a generic binary distribution of MySQL Enterprise Edition Server with features for managing the security of your MySQL installation.

PREV HOME UP NEXT