PhpMyAdmin;我应该禁用 root 登录吗?
我在 Phpmyadmin 中有这样的设置:
USER HOST PASSW PRIVILEGES GRANT
debian-sys-maint localhost Yes ALL PRIVILEGES YES
phpmyadmin localhost Yes USAGE NO
root 127.0.0.1 Yes ALL PRIVILEGES YES
root localhost Yes ALL PRIVILEGES YES
root my_hostname Yes ALL PRIVILEGES YES
username localhost Yes ALL PRIVILEGES YES
其中“username”是我的用户名,“my_hostname”是我的主机名。
我目前仅以最后一个身份登录(用户名,本地主机)。 另外,我有 php,它也使用最后的登录详细信息。
我应该禁用其他的吗?
另外,我还应该采取哪些其他安全措施?
顺便说一句:我的服务器是 Linux,我有 root 访问权限。
谢谢
I have this setup in Phpmyadmin:
USER HOST PASSW PRIVILEGES GRANT
debian-sys-maint localhost Yes ALL PRIVILEGES YES
phpmyadmin localhost Yes USAGE NO
root 127.0.0.1 Yes ALL PRIVILEGES YES
root localhost Yes ALL PRIVILEGES YES
root my_hostname Yes ALL PRIVILEGES YES
username localhost Yes ALL PRIVILEGES YES
Where "username" is my username and "my_hostname" is my hostname.
I am currently only logging in as the last one (username, localhost).
Also, I have php which also uses the last ones login details.
Should I disable the other ones?
And, what other security measures should I take?
BTW: My server is Linux and I have root access.
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
简短回答:是的
这适用于 SQL,也适用于 SSH 和任何其他经常受到端口扫描机器人攻击的服务。
您应该使用强密码创建具有足够权限的自己的用户(以及其他系统管理员的用户),并禁用 root 登录 phpmyadmin 和远程 SQL。
您不必删除 root 帐户。这并不可取。这不适用于向不安全用户提供对 shell(或端口转发)的 SSH 访问的服务器。在这种情况下,最好将密码的强度提高到即使来自本地主机的攻击也无用的程度。
Short answer: yes
This goes for SQL, but also for SSH and any other service attacked regularly from port scanning bots.
You should create your own user with sufficient rights (and users for other sysadmins) with strong password and disable root from logging to phpmyadmin and remotely to SQL.
You do not have to delete the root account. That is not preferable. This does not apply to a server where SSH access to shell (or port forwarding) is given to unsecure users. in such case it is better to increase the strength of the password to a point in which such attacks are useless even from localhost.
如果您不使用一个,请将其删除(不要删除三个 root 登录名,它们将允许您获得超级用户访问权限以在出现问题时修复某些问题)...
但是,我建议“有限权限”用户。仅授予每个用户对其需要修改的数据的访问权限。这样您就可以限制攻击者可能造成的损害。使用一次登录进行所有操作与在生产中使用 root 一样糟糕......
If you're not using one, delete it (Don't delete the three root logins, they will allow you to get super user access to fix something if something goes wrong)...
However, I'd suggest "limited permission" users. Grant each user access only to the data it needs to modify. That way you limit the damage an attacker can do. Using one login for everything is just as bad as using root in production...
作为一般规则,始终建议使用权限尽可能小的帐户。主要有两个原因:
As a general rule it is always advisable to use accounts with as little privileges as possible. There are two mainreasons: