MySQL安全最佳实践

1、使用 mysql_secure_installation

2、 Bind Database Server To Loopback Address，Add the following line below under [mysqld] section

           [mysqld]
           bind-address = 127.0.0.1
3、 Disable LOCAL INFILE in MySQL， Add the following line below under [mysqld] section

          [mysqld]
          local-infile=0
4. Change MYSQL Default Port

5、Enable MySQL Logging

       log=/var/log/mysql.log

6. Set Appropriate Permission on MySQL Files

     chmod 644 /etc/my.cnf

7. Delete MySQL Shell History

     cat /dev/null > ~/.mysql_history
8. Don’t Run MySQL Commands from Commandline

   # mysql -u root -ppassword 不可取，密码会记录在命令历史用
   使用以下方式：

      # mysql -u root -p

      Enter password:
9. Define Application-Specific Database Users

       使用 Authentication Plugins等

      详情参考：https://dev.mysql.com/doc/refman/5.7/en/security-plugins.html

10. Use Additional Security Plugins and Libraries

11. Change MySQL Passwords Regularly

     > UPDATE mysql.user SET password=PASSWORD('YourPasswordHere') WHERE User='root' AND Host = 'localhost';

12. Update MySQL Server Package Regularly

    关注MySQL安全漏洞等信息，及时更新，打补丁