Making MariaDB Secure Against Attackers


When you connect to a MariaDB server, you should use a password. The password is not transmitted in clear text over the connection. Password handling during the client connection sequence was upgraded in MariaDB to be very secure. If you are still using pre-4.1.1-style passwords, the encryption algorithm is not as strong as the newer algorithm. With some effort, a clever attacker who can sniff the traffic between the client and the server can crack the password. (See "Password Hashing in MySQL" for a discussion of the different password handling methods.)
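
The exchange described above, as an added example (not part of the original manual page and not MariaDB's own code). It assumes the 4.1-style `mysql_native_password` scheme, in which the server stores SHA1(SHA1(password)) and sends a fresh 20-byte scramble for each connection; the function names and sample rows are constructed for illustration. It also flags accounts whose stored hash still has the 16-hex-digit pre-4.1 shape.

```python
import hashlib
import hmac
import os
import re

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def stored_hash(password: str) -> bytes:
    # Value the server keeps for a 4.1+ account: SHA1(SHA1(password)).
    return sha1(sha1(password.encode()))

def client_token(password: str, scramble: bytes) -> bytes:
    # Client reply: SHA1(password) XOR SHA1(scramble + SHA1(SHA1(password))).
    stage1 = sha1(password.encode())
    mask = sha1(scramble + sha1(stage1))
    return bytes(a ^ b for a, b in zip(stage1, mask))

def server_verify(token: bytes, scramble: bytes, stored: bytes) -> bool:
    # Server removes the mask, hashes once more, compares with its stored value.
    if len(token) != len(stored):
        return False
    mask = sha1(scramble + stored)
    stage1 = bytes(a ^ b for a, b in zip(token, mask))
    return hmac.compare_digest(sha1(stage1), stored)

def hash_format(value: str) -> str:
    # Classify a grant-table hash by its shape only.
    if re.fullmatch(r"\*[0-9A-Fa-f]{40}", value):
        return "4.1+"
    if re.fullmatch(r"[0-9A-Fa-f]{16}", value):
        return "pre-4.1"
    return "other"

def audit(rows):
    # Accounts still holding a pre-4.1-style hash and needing a password reset.
    return [(user, host) for user, host, pw in rows if hash_format(pw) == "pre-4.1"]

# Constructed sample rows (user, host, password hash); not real accounts.
SAMPLE_ROWS = [
    ("app", "10.0.0.%", "*" + stored_hash("password").hex().upper()),
    ("legacy", "%", "0123456789abcdef"),
    ("nopw", "localhost", ""),
]

if __name__ == "__main__":
    scramble = os.urandom(20)  # assumption: any 20 random bytes stand in for the server scramble
    print("accepted:", server_verify(client_token("password", scramble), scramble, stored_hash("password")))
    print("needs upgrade:", audit(SAMPLE_ROWS))
```

Because the token depends on the per-connection scramble, the same password produces a different reply on every connection, so a captured reply cannot simply be replayed later.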

All other information is transferred as text, and can be read by anyone who is able to watch the connection. If the connection between the client and the server goes through an untrusted network, and you are concerned about this, you can use the compressed protocol to make traffic much more difficult to decipher (compression obscures the data but is not encryption). You can also use MySQL's internal SSL support to make the connection even more secure. See "Using SSL for Secure Connections". Alternatively, use SSH to get an encrypted TCP/IP connection between a MariaDB server and a MariaDB client. You can find an Open Source SSH client at http://www.openssh.org/, and a commercial SSH client at http://www.ssh.com/.

To make a MariaDB system secure, you should strongly consider the following suggestions:
