List:General Discussion« Previous MessageNext Message »
From:Benjamin Pflugmann Date:July 27 2002 2:23am
Subject:Re: security
View as plain text  

On Fri 2002-07-26 at 15:24:58 -0300, wrote:
> Why should I close port 3306 used by mysql? What would happen if a
> hacker use this port?

You should close it (as far as reasonable only, of course), simply,
because you lose nothing, but gain an additional layer a malicious
hacker has to overcome.

Where closing can mean to use --skip-networking, if you have only
local accesses, use a firewall to restrict connections to the local
net, or allow only some computers from the internet - depending on
your needs.

It is a general security measure to disallow anything which is not
explicitly needed, as far as the effort is reasonable regarding the
needs. It is irrelvant if there are known attack vectors or not.

That said, AFAICT, there are no known MySQL relevant weeknesses having
the port open. Of course, you get your usual share of risks, like weak
passwords, potential DoS, information leaking and so on, which have
nothing to do with MySQL per se.



securityAnderson Pereira Ataides26 Jul
  • Re: securityPaul DuBois27 Jul
    • Set different sizes on a per-database level?Bill Leonard28 Jul
      • Re: Set different sizes on a per-database level?Dan Nelson28 Jul
    • Set different sizes on a per-database level?Bill Leonard28 Jul
  • Re: securityDicky Wahyu Purnomo27 Jul
  • Re: securityBenjamin Pflugmann27 Jul