- Moodle Security
- Darko Miletić
- 2021-04-09 22:31:59
The database is a crucial element of any LMS, and Moodle is no different from other platforms in this respect. The recommended database for Moodle is MySQL. Most of the development is done using that RDBMS, which makes it less error-prone and better tested than the other options. This, of course, does not mean that we can just sit back and enjoy the benefits of the default installation that comes with CentOS. Here is a checklist we should go over to improve our MySQL setup:
- Don't use MyISAM engine: CentOS 5.4 comes with MySQL 5.0.77. By default, this version uses the MyISAM engine for storing data. MyISAM is good as a storage engine for most of the read-oriented websites, but as soon as we get a lot of writing it tends to break. Apart from security, we also need reliability. Therefore we should switch the default DB engine to the much better InnoDB. To do that, open the MySQL configuration file located in /etc/my.cnf and add these lines in the [mysqld] section:
default-character-set=utf8
default-storage-engine=innodb
- Change the default password of superuser: The default superuser with complete rights over a database is called root. In the default configuration, that user does not have a password. We must not permit that to happen. We should at least change the password of that user to something more complex, or even better, rename the user root to something else. This will create an additional level of obfuscation if an attacker attempts to obtain the password for the root account by brute force.
- Remove the sample database: MySQL installs a sample database by default called "test". Best practice dictates that we should remove this. Always provide only the minimal necessary level of resources and services that permit your server to operate correctly.
- Access the Moodle database as an unprivileged user and grant only the minimum privileges to that account. Please refer back to Chapter 1 for further explanation.
- Restrict or disable remote access to the database: If you host MySQL on the same machine where Moodle is installed then you will never need external access to your database. You can disable the TCP/IP protocol support and all of the communication will be done through UNIX sockets. Add or uncomment this line in /etc/my.cnf:
skip-networking
- If you use additional web applications or other programs that do not support connections through UNIX Sockets, do not disable TCP/IP. Just force the server to accept connections only from localhost.
bind-address=127.0.0.1
- Disable symbolic links: Add the following option to your configuration file.
symbolic-links=0
- Make sure you have the latest updates installed for your distribution.
- Keep in mind that MySQL does not provide an RPM repository, so you will have to download and install these packages manually. Visit http://dev.mysql.com/downloads/mysql/ for more information.
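The configuration items in the checklist above (storage engine, network exposure, symbolic links) can be verified mechanically. The following is an added example, not code from the book: the function names and the sample file contents are constructed for illustration, and it only reads the [mysqld] section of a single file without following include directives.

```python
SAMPLE_MY_CNF = """\
# constructed sample, not taken from a real server
[mysqld]
datadir=/var/lib/mysql
default_storage_engine = MyISAM
bind-address = 0.0.0.0
symbolic-links=1

[mysqld_safe]
log-error=/var/log/mysqld.log
"""


def parse_mysqld(text):
    """Return the options of the [mysqld] section as a dict (bare flags map to '')."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":  # skip comments and !include directives
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        key, _, value = line.partition("=")
        # MySQL treats '-' and '_' in option names as equivalent
        opts[key.strip().lower().replace("_", "-")] = value.strip().strip("'\"")
    return opts


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    o, findings = parse_mysqld(text), []
    if o.get("default-storage-engine", "").lower() != "innodb":
        findings.append("default-storage-engine is not innodb")
    net_off = o.get("skip-networking", "0").lower() in ("", "1", "on", "true")
    local_only = o.get("bind-address") in ("127.0.0.1", "localhost")
    if not (net_off or local_only):
        findings.append("remote TCP/IP access is not restricted")
    if o.get("symbolic-links") != "0" and "skip-symbolic-links" not in o:
        findings.append("symbolic links are not disabled")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_MY_CNF):
        print("FAIL:", finding)
```

To check a real server, pass the contents of /etc/my.cnf to audit(); the account, password and sample-database items in the checklist live in the database itself and are not covered by this file check.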