webslave.ws

As database administrators we have the challenge to protect the integrity of the data we are handling and administrating. But whether this information is related to personal data, credit card information or other kind of sensitive information your require of additional levels of security. You don’t have to complicate so much, if you aren’t a so experience administrator. I would like to share with you some tips and advices you must have in mind when you use MySQL Server to store sensitive information. There are some easy and simple task you can do to improve the security level of your web application and databases in MySQL.

1. Remove wildcards: You should evaluate whether the use of wildcard permission in your database is the appropriate. Sometimes it is cause of vulnerability in your database. It could be an element that provokes the attention of outside crackers that can attempt penetrate to your system. It is highly recommended remove the wildcards.

2. Increase your security levels and password protection: When you are working with sensitive information it is important increase constantly your security levels. Also you should have in mind set complicated passwords in order nobody can broke them. There are people thinking that a cracker will start guessing which could be your administrator password. Oh please come on! Those people have advanced tools that can make thousand of cracking attempts in just few seconds. That’s why your levels of protections should be high and optimized frequently. When you have a user account or an administration account in this case, the only protection is your password. There no more protection beyond the one you set in your password. You must avoid passwords that can be easily detected such as those having some relation to the name of your website. For instance if your website name is: “Ebay.com” you can’t establish database passwords such as “auction”, “bids” or something like that. Your password should be as complicated as you can always with combinations of letters and numbers. Also your database passwords in MySQL should be periodically changed and optimized in order you can destroy every possibility of plan of attack into your system.

3. Create good permission policies: You should always have good policies of permission in your folders and databases in MySQL. There are administrators that looking for a better performance skip this security procedure but it is a great error. Should must establish an effective permission policy and apply it to your system.

5. Your communication client-server should be encrypted: Since many years ago, there are too many encryption techniques and today we have more effective encryption mechanism than in the past. With this in mind you should protect your client-server communication with the propel encryption of the information from your client to the browser of the server and vice versa. For an experienced user or a cracker is as simple as a joke sniff information packages from a network and take it. But if this information is traveling encrypted throughout the network, your information will keep secure and free of risks.