What is the best way to secure database server?

What is the best way to secure database server?

3 Replies

Sanitize all your inputs?

> Sanitize all your inputs?
I am not sure I understand what you mean…

via ufw, iptables, and SELinux

Should I close port 80 on it?

For the server itself, don't expose it to the Internet. For MySQL, ensure bind-address is either (for standalone use) or your private IP address (if other machines will be accessing it), and make sure you have firewall rules set up to only allow trusted things to reach it. (The Linode "private" network is private to you and thousands of other random Linodes, so don't trust everything from there, either!)

Ensure that all connections to the database server require a password (or some other secure credential, NOT just a username and an IP address). Also make sure that each application/user has their own username, and that they only have access to the stuff they need. (If a program runs only SELECT queries on one database, just give it SELECT privileges to that database, and no access to other databases.)

Also, read about, and understand how to recognize and avoid, SQL Injection Vulnerabilities, especially if you are writing your own code. NEVER do something like this with user input:

$offset = $argv[0]; // beware, no input validation!
$query  = "SELECT id, name FROM products ORDER BY name LIMIT 20 OFFSET $offset;";
$result = pg_query($conn, $query);

(example borrowed from here)


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct