如何保护数据库服务器？

Currently my database user and its password are pretty easily to guess, eg.

目前,我的数据库用户及其密码很容易猜到,例如。

database user: dbadmin

数据库用户:dbadmin

database pwd : super + companyname

数据库pwd:超级+公司名称

What and how to generate a secure a secure database password? Using md5 or sha1??

什么以及如何生成安全的数据库密码?使用md5或sha1 ??

What are the things that I need to pay attention to secure my database?

保护我的数据库需要注意哪些事项?

I am using php, thanks

我正在使用php,谢谢

4 个解决方案

#1

If what you're looking for is just a secure password generator, there are a number of tools for creating strong passwords. Keepass is one that I use, but you can also look into pwgen, apg, passgen, or others.

如果您正在寻找的只是一个安全的密码生成器,那么有许多工具可用于创建强密码。 Keepass是我使用的,但您也可以查看pwgen,apg,passgen或其他。

Keepass -- http://keepass.info/

Keepass - http://keepass.info/

apg -- http://www.debianadmin.com/automated-password-generator-in-debian.html

apg - http://www.debianadmin.com/automated-password-generator-in-debian.html

passgen -- http://www.linuxbuilt.com/passwords.php

passgen - http://www.linuxbuilt.com/passwords.php

pwgen -- http://sourceforge.net/projects/pwgen/

pwgen - http://sourceforge.net/projects/pwgen/

To keep the database secure you also need to consider where you're using the username/password combination in your scripts. One technique that I've seen used often is to put the credentials in a separate file and to import them everywhere else they're needed. This way you can put strict access regulations on that one file through your webserver and filesystem security settings.

为了保证数据库的安全,您还需要考虑在脚本中使用用户名/密码组合的位置。我经常使用的一种技术是将凭证放在一个单独的文件中,并将它们导入到其他需要的地方。这样,您就可以通过Web服务器和文件系统安全设置对该文件进行严格的访问规则。

Security is a layered approach, and the more precautions you take the more resistant your server will be to malicious activity.

安全性是一种分层方法,您采取的预防措施越多,您的服务器对恶意活动的抵抗力就越大。

#2

Use some kind of pattern to create a password that is complex, but also possible for you to remember.

使用某种模式来创建复杂的密码,但也可以让您记住。

E.g. Think of a silly sentence and take the first letter of every word.

例如。想想一个愚蠢的句子并拿出每个单词的第一个字母。

"16 Butterflys drew straws to see which 5 should become Caterpillars first."

“16只蝴蝶吸取了稻草,看看哪5只应该成为毛毛虫。”

forms the password "16Bdstsw5sbCf".

形成密码“16Bdstsw5sbCf”。

That's 13 chars long, contains 3 numbers and some upper case chars. That should be pretty strong, and it's much easier to remember than just a random string.

这是13个字符长,包含3个数字和一些大写字母。这应该是非常强大的,并且比仅仅随机字符串更容易记住。

For even better strength, throw some punctuation in there too.

为了获得更好的力量,也要在那里扔一些标点符号。

#3

If you use phpMyAdmin it has, when you are creating a user, a 'generate password' option. Try that or you could do something like this:

如果您使用phpMyAdmin,则在创建用户时,它会生成“生成密码”选项。试试这个,或者你可以这样做:

function generatePassword($length) {
    // start with a blank password
    $password = "";
    // define possible characters
    $possible = "0123456789bcdfghjkmnpqrstvwxyz"; 
    // set up a counter
    $i = 0; 
    // add random characters to $password until $length is reached
    while ($i < $length) { 
        // pick a random character from the possible ones
        $char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
        // we don't want this character if it's already in the password
        if (!strstr($password, $char)) { 
            $password .= $char;
            $i++;
        }
     }
     // done!
     return $password;
 }

#4

You can make a secure password simply by mashing the keyboard:

您可以通过粘贴键盘来制作安全密码:

Z3w947CFqnY39cfo

That's as secure as you possibly need - it's immune to dictionary attacks, and long enough to be immune to brute force attacks.

这就像你可能需要的那样安全 - 它不受字典攻击的影响,并且足够长时间免受暴力攻击。

(Of course you'll need to write it down, unless you have a trick memory, but that's always a compromise with passwords - and presumably it will appear in your application code or config anyway.)

(当然你需要把它写下来,除非你有特技记忆,但这总是与密码妥协 - 并且可能它会出现在你的应用程序代码或配置中。)

#1