
  • Moodle Security
  • Darko Miletić
  • 494 words
  • 2021-04-09 22:31:59

MySQL configuration

The database is a crucial element of any LMS, and in this respect Moodle is no different from other platforms. The recommended database for Moodle is MySQL. Most of the development is done using that RDBMS, which makes it less error prone and better tested than the other options. This, of course, does not imply that we can just sit back and enjoy the benefits of the default installation that comes with CentOS. Here is a checklist we should go over to improve our MySQL setup:

  1. Don't use the MyISAM engine: CentOS 5.4 comes with MySQL 5.0.77. By default, this version uses the MyISAM engine for storing data. MyISAM is a good storage engine for most read-oriented websites, but as soon as we get a lot of writes it tends to break. Apart from security, we also need reliability. Therefore we should switch the default DB engine to the much better InnoDB. To do that, open the MySQL configuration file located at /etc/my.cnf and add these lines in the [mysqld] section:
    default-character-set=utf8
    default-storage-engine=innodb
    
  2. Change the default password of the superuser: The default superuser with complete rights over a database is called root. In the default configuration, that user does not have a password. We must not permit that to happen. We should at least change the password of that user to something more complex, or even better, rename the user root to something else. This will create an additional level of obfuscation if an attacker attempts to obtain the password for the root account by brute force.
  3. Remove the sample database: MySQL installs a sample database called "test" by default. Best practice dictates that we should remove this. Always provide only the minimal necessary level of resources and services that permit your server to operate correctly.
  4. Access the Moodle database as an unprivileged user and grant only the minimum privileges to that account. Please refer back to Chapter 1 for further explanation.
  5. Restrict or disable remote access to the database: If you host MySQL on the same machine where Moodle is installed, then you will never need external access to your database. You can disable TCP/IP protocol support, and all communication will be done through UNIX sockets. Add or uncomment this line in /etc/my.cnf:
    skip-networking
    
  6. If you use additional web applications or other programs that do not support connections through UNIX sockets, do not disable TCP/IP. Just force the server to accept connections only from localhost:
    bind-address=127.0.0.1
    
  7. Disable symbolic links: Add the following option to your configuration file:
    symbolic-links=0
    
  8. Make sure you have the latest updates installed for your distribution.

    Note

    If you want to have a more recent version of MySQL you can obtain certified builds from MySQL free of charge. You will need the following packages: MySQL-client-community, MySQL-server-community, and MySQL-shared-community.

    Keep in mind that MySQL does not provide an RPM repository, so you will have to download and install these packages manually. Visit http://dev.mysql.com/downloads/mysql/ for more information.
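
The my.cnf settings from checklist items 1, 5/6 and 7 can be verified mechanically. The following is an added example, not code from the book: the function names and both sample files are constructed for illustration, and it assumes all server options sit in the [mysqld] section as instructed above.

```python
import re

def parse_mysqld(text):
    """Return {option: value} for the [mysqld] section; a later line overrides an earlier one."""
    opts, section = {}, None
    for raw in text.splitlines():
        # Simplification: '#' starts a comment anywhere (fine for the options checked here).
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith((";", "!")):   # comment lines and !include directives
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "mysqld":   # assumption: server options live in [mysqld] only
            continue
        name, _, value = line.partition("=")
        # MySQL treats '-' and '_' in option names as equivalent.
        opts[name.strip().lower().replace("_", "-")] = value.strip().strip("'\"").lower()
    return opts

def audit(text):
    """Return findings for checklist items 1, 5/6 and 7; an empty list means all pass."""
    o, findings = parse_mysqld(text), []
    if o.get("default-storage-engine") != "innodb":
        findings.append("default-storage-engine is not innodb")
    no_tcp = o.get("skip-networking") in ("", "1", "on", "true")   # bare flag parses as ""
    if not no_tcp and o.get("bind-address") != "127.0.0.1":
        findings.append("TCP/IP reachable beyond localhost")
    if o.get("symbolic-links") not in ("0", "off", "false") and "skip-symbolic-links" not in o:
        findings.append("symbolic-links is not disabled")
    return findings

# Constructed sample files, not taken from a real server.
DEFAULT_CNF = """[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
[mysqld_safe]
bind-address=127.0.0.1
"""
HARDENED_CNF = """[mysqld]
default-character-set=utf8
default_storage_engine = InnoDB   # underscore spelling, mixed case
skip-networking
symbolic-links=0
"""

if __name__ == "__main__":
    for label, cnf in (("default", DEFAULT_CNF), ("hardened", HARDENED_CNF)):
        print(label, audit(cnf) or "OK")
```

The first sample shows a common mistake: bind-address placed under [mysqld_safe] is not seen as a [mysqld] setting, so the audit still reports the server as reachable over TCP/IP.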