SlideShare a Scribd company logo

Introduction to MariaDb

B
BehzadDara

Security features of MariaDb

Education
1 of 29
Download to read offline
‫امنیتی‬ ‫امکانات‬ MariaDB ‫شریف‬ ‫صنعتی‬ ‫دانشگاه‬ ‫داده‬ ‫پایگاه‬ ‫امنیت‬ ‫درس‬ ‫کالسی‬ ‫ارائه‬ ‫دهندگان‬ ‫ارائه‬ : ‫دارا‬ ‫بهزاد‬ – ‫رضایی‬ ‫اکبر‬ ‫علی‬ ‫درس‬ ‫استاد‬ : ‫نوگورانی‬ ‫دری‬ ‫صادق‬ ‫اول‬ ‫نیمسال‬ 14۰1 - 14۰۰
‫اندازی‬ ‫راه‬ ‫و‬ ‫نصب‬ MariaDB • Sudo apt update • Sudo apt install –y mariadb-server mariadb-client • Sudo systemctl status mariadb
‫به‬ ‫اتصال‬ MariaDB ‫ها‬ ‫دسترسی‬ ‫تعریف‬ ‫و‬ • Sudo mysql –y root –p • ‫داده‬ ‫پایگاه‬ ‫تعریف‬ : • Create database ‘dbname’ • Show database • ‫کاربر‬ ‫تعریف‬ : • Create user ‘username’@localhost identified by ‘password’ • select user from MySQL.user
‫به‬ ‫اتصال‬ MariaDB ‫ها‬ ‫دسترسی‬ ‫تعریف‬ ‫و‬ • ‫دسترسی‬ ‫تنظیم‬ ( : ‫دسترسی‬ ‫بدون‬ ،‫ساخت‬ ‫از‬ ‫بعد‬ ‫کاربر‬ ) • Grant all privileges on ‘dbname’.* To ‘username’@localhost • Flush privileges • Show grants for ‘username’@localhost
‫امنیتی‬ ‫ی‬ ‫اولیه‬ ‫تنظیمات‬ Sudo mysql-secure-installation • ‫هویت‬ ‫احراز‬ ‫نوع‬ ‫انتخاب‬ • ‫داده‬ ‫پایگاه‬ ‫روی‬ ‫پسورد‬ ‫تنظیم‬ • ‫مجاز‬ ‫غیر‬ ‫کاربران‬ ‫حذف‬ • ‫ریموت‬ ‫دسترسی‬ ‫کردن‬ ‫مجاز‬ ‫غیر‬ • ‫تستی‬ ‫داده‬ ‫پایگاه‬ ‫حذف‬ • ‫جداول‬ ‫مجدد‬ ‫بارگزاری‬
‫ی‬ ‫وسیله‬ ‫به‬ ‫امن‬ ‫اتصال‬ SSL • ‫تنظیمات‬ SSL • ‫روی‬ ‫کردن‬ ‫فعال‬ MariaDB • ‫اتصال‬ ‫برای‬ ‫کاربر‬ ‫تعریف‬
COMPREHENSIVE USER MANAGEMENT
USER MANAGEMENT • user management is critical to securing databases • mistakes and shorts can become prevalent, compromising security
TOPICS • creating users • User privileges • Granting, revoking permissions • role-based access control • password validation • user resource limits
Creating users • has the following pattern: CREATE [OR REPLACE] USER [IF NOT EXISTS] 'username'@'host_name' IDENTIFIED BY 'password'; • For each account, CREATE USER creates a new row in mysql.user
Creating users - Host Name Component • the hostname of the computer which the user connects from • IP address of the computer that the user connects from • the network that the user connects from • to allow only local client connections, use 'localhost' • If the host name is not provided, it is assumed to be '%‘ Examples: CREATE USER 'boyd'@'%' IDENTIFIED BY 'bomber'; CREATE USER 'richard'@'powr.example.net' IDENTIFIED BY 'nuclear'; CREATE USER 'dallin'@'192.168.1.1' IDENTIFIED BY 'judge';
Creating users - Authentication Plugin - ed25519: • The ed25519 authentication plugin uses Elliptic Curve Digital Signature Algorithm (ECDSA) • The ed25519 algorithm is the same one that is used by OpenSSH. • INSTALL SONAME 'auth_ed25519'; • Example: CREATE USER username@hostname IDENTIFIED VIA ed25519 USING PASSWORD('secret');
Creating users - Authentication Plugin - PAM • A pluggable authentication module (PAM) is a mechanism to integrate multiple low-level authentication schemes into a high-level application programming interface (API) • INSTALL SONAME 'auth_pam'; • Example: CREATE USER ‘username’@’hostname’ IDENTIFIED VIA pam;
Creating users - TLS Options: • You can set certain TLS-related restrictions for specific user accounts. For instance, you might use this with user accounts that require access to sensitive data while sending it across networks that you do not control. • can be enabled for a user account with the CREATE USER, ALTER USER statements
Creating users - TLS Options Option Description REQUIRE NONE TLS is not required for this account, but can still be used. REQUIRE SSL The account must use TLS, but no valid X509 certificate is required. This option cannot be combined with other TLS options. REQUIRE X509 The account must use TLS and must have a valid X509 certificate. This option implies REQUIRE SSL. This option cannot be combined with other TLS options. REQUIRE ISSUER 'issuer' The account must use TLS and must have a valid X509 certificate. Also, the Certificate Authority must be the one specified via the string issuer. This option implies REQUIRE X509. This option can be combined with the SUBJECT, and CIPHER options in any order. REQUIRE SUBJECT 'subject' The account must use TLS and must have a valid X509 certificate. Also, the certificate's Subject must be the one specified via the string subject. This option implies REQUIRE X509. This option can be combined with the ISSUER, and CIPHER options in any order. REQUIRE CIPHER 'cipher' The account must use TLS, but no valid X509 certificate is required. Also, the encryption used for the connection must use a specific cipher method specified in the string cipher. This option implies REQUIRE SSL. This option can be combined with the ISSUER, and SUBJECT options in any order.
Creating users - TLS Options • The REQUIRE keyword must be used only once for all specified options, and the AND keyword can be used to separate individual options, but it is not required • Example: CREATE USER 'alice'@'%' REQUIRE SUBJECT '/CN=alice/O=My Dom, Inc./C=US/ST=Oregon/L=Portland' AND ISSUER '/C=FI/ST=Somewhere/L=City/ O=Some Company/CN=Peter Parker/emailAddres s=p.parker@marvel.com' AND CIPHER 'SHA-DES-CBC3-EDH-RSA';
Creating users - Resource Limit Options • MariaDB Platform can leverage user resource limits to stop and/or reduce the damage caused by an attacker who’s employing compromised user credentials.
Creating users - Resource Limit Options Limit Type Decription MAX_QUERIES_PER_HOUR Number of statements that the account can issue per hour (including updates) MAX_UPDATES_PER_HOUR Number of updates (not queries) that the account can issue per hour MAX_CONNECTIONS_PER_HOUR Number of connections that the account can start per hour MAX_USER_CONNECTIONS Number of simultaneous connections that can be accepted from the same account; if it is 0, max_connections will be used instead; if max_connections is 0, there is no limit for this account's simultaneous connections. MAX_STATEMENT_TIME Timeout, in seconds, for statements executed by the user.
Creating users - Resource Limit Options • Example: CREATE USER 'someone'@'localhost' WITH MAX_USER_CONNECTIONS 10 MAX_QUERIES_PER_HOUR 200;
Creating users - Password Expiry • Example: ALTER USER 'monty'@'localhost' PASSWORD EXPIRE INTERVAL 120 DAY; CREATE USER 'monty'@'localhost' PASSWORD EXPIRE INTERVAL 120 DAY;
DROP USER Example: DROP USER [IF EXISTS] user_name
GRANT • The GRANT statement allows you to grant privileges or roles to accounts. GRANT priv_type ON priv_level TO ‘username’@’hostname’
GRANT - Privileges
GRANT - Privilege Levels  Global privileges priv_type are granted using *.* for priv_level. Global privileges include privileges to administer the database and manage user accounts, as well as privileges for all tables, functions, and procedures. Global privileges are stored in the mysql.user table.  Database privileges priv_type are granted using db_name.* for priv_level, or using just * to use default database. Database privileges include privileges to create tables and functions, as well as privileges for all tables, functions, and procedures in the database. Database privileges are stored in the mysql.db table.  Table privileges priv_type are granted using db_name.tbl_name for priv_level, or using just tbl_name to specify a table in the default database. The TABLE keyword is optional. Table privileges include the ability to select and change data in the table. Certain table privileges can be granted for individual columns.  Column privileges priv_type are granted by specifying a table for priv_level and providing a column list after the privilege type. They allow you to control exactly which columns in a table users can select and change.  Function privileges priv_type are granted using FUNCTION db_name.routine_name for priv_level, or using just FUNCTION routine_name to specify a function in the default database.  Procedure privileges priv_type are granted using PROCEDURE db_name.routine_name for priv_level, or using just PROCEDURE routine_name to specify a procedure in the default database.
GRANT Example: • GRANT SELECT,INSERT,UPDATE,DELETE ON serv.* TO 'jeffrey'@'localhost'; • GRANT SELECT ON edu.staff TO 'david'@'localhost' WITH GRANT OPTION; • GRANT ALL ON logan.* TO 'quentin'@'localhost' WITHMAX_QUERIES_PER_HOUR 100;
REVOKE: • Example: REVOKE DELETE,GRANT OPTION ON cust.* FROM 'todd'@'%'; REVOKE ALL,GRANT OPTION FROM 'neil'@'%.example.com'; REVOKE priv_type ON priv_level FROM user
RBAC: • created with the CREATE ROLE statement, and dropped with the DROP ROLE statement. • assigned to a user with an extension to the GRANT statement • Once a user has connected, he can obtain all privileges associated with a role by setting a role with the SET ROLE statement. • The CURRENT_ROLE function returns the currently set role for the session, if any.
Password Validation Plugin • MariaDB comes with three password validation plugins — the simple_password_check plugin, the cracklib_password_check plugin and the password_reuse_check plugin. • They are not enabled by default • INSTALL SONAME 'simple_password_check';
Reference: • https://en.wikipedia.org/wiki/MariaDB • https://phoenixnap.com/kb/how-to-create-mariadb-user-grant-privileges • https://www.alibabacloud.com/blog/how-to-secure-connections-to- mariadb-with-ssl-encryption_595079 • https://mariadb.com/kb/en/create-user/ • https://mariadb.com/kb/en/authentication-plugin- pam/#pam_google_authenticator • https://mariadb.com/kb/en/grant/#account-names

Recommended

Db Security Seminar AppArmor
Db Security Seminar AppArmorDb Security Seminar AppArmor
Db Security Seminar AppArmorAmirAshnavar
 
Slides Cassandra
Slides CassandraSlides Cassandra
Slides Cassandrahamidd77
 
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012Scott Sutherland
 
How to implement a gdpr solution in a cloudera architecture
How to implement a gdpr solution in a cloudera architectureHow to implement a gdpr solution in a cloudera architecture
How to implement a gdpr solution in a cloudera architectureTiago Simões
 
DerbyCon2016 - Hacking SQL Server on Scale with PowerShell
DerbyCon2016 - Hacking SQL Server on Scale with PowerShellDerbyCon2016 - Hacking SQL Server on Scale with PowerShell
DerbyCon2016 - Hacking SQL Server on Scale with PowerShellScott Sutherland
 
How to scheduled jobs in a cloudera cluster without oozie
How to scheduled jobs in a cloudera cluster without oozieHow to scheduled jobs in a cloudera cluster without oozie
How to scheduled jobs in a cloudera cluster without oozieTiago Simões
 
Firebird
FirebirdFirebird
FirebirdChinsan Huang
 
2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server
2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server
2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL ServerScott Sutherland
 

Recommended

Db Security Seminar AppArmor
Db Security Seminar AppArmorDb Security Seminar AppArmor
Db Security Seminar AppArmorAmirAshnavar
 
Slides Cassandra
Slides CassandraSlides Cassandra
Slides Cassandrahamidd77
 
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012Scott Sutherland
 
How to implement a gdpr solution in a cloudera architecture
How to implement a gdpr solution in a cloudera architectureHow to implement a gdpr solution in a cloudera architecture
How to implement a gdpr solution in a cloudera architectureTiago Simões
 
DerbyCon2016 - Hacking SQL Server on Scale with PowerShell
DerbyCon2016 - Hacking SQL Server on Scale with PowerShellDerbyCon2016 - Hacking SQL Server on Scale with PowerShell
DerbyCon2016 - Hacking SQL Server on Scale with PowerShellScott Sutherland
 
How to scheduled jobs in a cloudera cluster without oozie
How to scheduled jobs in a cloudera cluster without oozieHow to scheduled jobs in a cloudera cluster without oozie
How to scheduled jobs in a cloudera cluster without oozieTiago Simões
 
Firebird
FirebirdFirebird
FirebirdChinsan Huang
 
2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server
2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server
2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL ServerScott Sutherland
 
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL ServerSecure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL ServerScott Sutherland
 
2017 Secure360 - Hacking SQL Server on Scale with PowerShell
2017 Secure360 - Hacking SQL Server on Scale with PowerShell2017 Secure360 - Hacking SQL Server on Scale with PowerShell
2017 Secure360 - Hacking SQL Server on Scale with PowerShellScott Sutherland
 
TROOPERS 20 - SQL Server Hacking Tips for Active Directory Environments
TROOPERS 20 - SQL Server Hacking Tips for Active Directory EnvironmentsTROOPERS 20 - SQL Server Hacking Tips for Active Directory Environments
TROOPERS 20 - SQL Server Hacking Tips for Active Directory EnvironmentsScott Sutherland
 
How to export import a mysql database via ssh in aws lightsail wordpress rizw...
How to export import a mysql database via ssh in aws lightsail wordpress rizw...How to export import a mysql database via ssh in aws lightsail wordpress rizw...
How to export import a mysql database via ssh in aws lightsail wordpress rizw...AlexRobert25
 
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)Scott Sutherland
 
Beyond xp_cmdshell: Owning the Empire through SQL Server
Beyond xp_cmdshell: Owning the Empire through SQL ServerBeyond xp_cmdshell: Owning the Empire through SQL Server
Beyond xp_cmdshell: Owning the Empire through SQL ServerScott Sutherland
 
Beyond XP_CMDSHELL: Owning the Empire Through SQL Server
Beyond XP_CMDSHELL: Owning the Empire Through SQL ServerBeyond XP_CMDSHELL: Owning the Empire Through SQL Server
Beyond XP_CMDSHELL: Owning the Empire Through SQL ServerNetSPI
 
2017 Thotcon - Hacking SQL Servers on Scale with PowerShell
2017 Thotcon - Hacking SQL Servers on Scale with PowerShell2017 Thotcon - Hacking SQL Servers on Scale with PowerShell
2017 Thotcon - Hacking SQL Servers on Scale with PowerShellScott Sutherland
 
How To Install and Configure AWS CLI for Windows
How To Install and Configure AWS CLI for WindowsHow To Install and Configure AWS CLI for Windows
How To Install and Configure AWS CLI for WindowsVCP Muthukrishna
 
2019 Blackhat Booth Presentation - PowerUpSQL
2019 Blackhat Booth Presentation - PowerUpSQL2019 Blackhat Booth Presentation - PowerUpSQL
2019 Blackhat Booth Presentation - PowerUpSQLScott Sutherland
 
BMC Discovery (ADDM) Cheat Sheet by Traversys Limited
BMC Discovery (ADDM) Cheat Sheet by Traversys LimitedBMC Discovery (ADDM) Cheat Sheet by Traversys Limited
BMC Discovery (ADDM) Cheat Sheet by Traversys LimitedWes Moskal-Fitzpatrick
 
Web Server Hardening
Web Server HardeningWeb Server Hardening
Web Server Hardeningn|u - The Open Security Community
 
MuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise security
MuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise securityMuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise security
MuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise securityakashdprajapati
 
How To Install and Configure AWS CLI on RHEL 7
How To Install and Configure AWS CLI on RHEL 7How To Install and Configure AWS CLI on RHEL 7
How To Install and Configure AWS CLI on RHEL 7VCP Muthukrishna
 
CRESTCon Asia 2018 - Config Password Encryption Gone Wrong
CRESTCon Asia 2018 - Config Password Encryption Gone WrongCRESTCon Asia 2018 - Config Password Encryption Gone Wrong
CRESTCon Asia 2018 - Config Password Encryption Gone WrongKeith Lee
 
Install ldap server
Install ldap serverInstall ldap server
Install ldap serverMawardi 12
 
Mastering VMware Datacenter Part-1
Mastering VMware Datacenter Part-1Mastering VMware Datacenter Part-1
Mastering VMware Datacenter Part-1M.M.Rahman Munna, Linux, VMware and Mail Server Expert
 
Deploy agent in em12c
Deploy agent in em12cDeploy agent in em12c
Deploy agent in em12cOsama Mustafa
 
How To Create RDS Database for WordPress in AWS on RHEL 7 or CentOS 7
How To Create RDS Database for WordPress in AWS on RHEL 7 or CentOS 7How To Create RDS Database for WordPress in AWS on RHEL 7 or CentOS 7
How To Create RDS Database for WordPress in AWS on RHEL 7 or CentOS 7VCP Muthukrishna
 
Nagios Conference 2014 - Jeff Mendoza - Monitoring Microsoft Azure with Nagios
Nagios Conference 2014 - Jeff Mendoza - Monitoring Microsoft Azure with NagiosNagios Conference 2014 - Jeff Mendoza - Monitoring Microsoft Azure with Nagios
Nagios Conference 2014 - Jeff Mendoza - Monitoring Microsoft Azure with NagiosNagios
 
Install ldap server
Install ldap serverInstall ldap server
Install ldap serverMawardi 12
 
Southeast Linuxfest -- MySQL User Admin Tips & Tricks
Southeast Linuxfest -- MySQL User Admin Tips & TricksSoutheast Linuxfest -- MySQL User Admin Tips & Tricks
Southeast Linuxfest -- MySQL User Admin Tips & TricksDave Stokes
 

More Related Content

What's hot

Secure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL ServerSecure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL ServerScott Sutherland
 
2017 Secure360 - Hacking SQL Server on Scale with PowerShell
2017 Secure360 - Hacking SQL Server on Scale with PowerShell2017 Secure360 - Hacking SQL Server on Scale with PowerShell
2017 Secure360 - Hacking SQL Server on Scale with PowerShellScott Sutherland
 
TROOPERS 20 - SQL Server Hacking Tips for Active Directory Environments
TROOPERS 20 - SQL Server Hacking Tips for Active Directory EnvironmentsTROOPERS 20 - SQL Server Hacking Tips for Active Directory Environments
TROOPERS 20 - SQL Server Hacking Tips for Active Directory EnvironmentsScott Sutherland
 
How to export import a mysql database via ssh in aws lightsail wordpress rizw...
How to export import a mysql database via ssh in aws lightsail wordpress rizw...How to export import a mysql database via ssh in aws lightsail wordpress rizw...
How to export import a mysql database via ssh in aws lightsail wordpress rizw...AlexRobert25
 
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)Scott Sutherland
 
Beyond xp_cmdshell: Owning the Empire through SQL Server
Beyond xp_cmdshell: Owning the Empire through SQL ServerBeyond xp_cmdshell: Owning the Empire through SQL Server
Beyond xp_cmdshell: Owning the Empire through SQL ServerScott Sutherland
 
Beyond XP_CMDSHELL: Owning the Empire Through SQL Server
Beyond XP_CMDSHELL: Owning the Empire Through SQL ServerBeyond XP_CMDSHELL: Owning the Empire Through SQL Server
Beyond XP_CMDSHELL: Owning the Empire Through SQL ServerNetSPI
 
2017 Thotcon - Hacking SQL Servers on Scale with PowerShell
2017 Thotcon - Hacking SQL Servers on Scale with PowerShell2017 Thotcon - Hacking SQL Servers on Scale with PowerShell
2017 Thotcon - Hacking SQL Servers on Scale with PowerShellScott Sutherland
 
How To Install and Configure AWS CLI for Windows
How To Install and Configure AWS CLI for WindowsHow To Install and Configure AWS CLI for Windows
How To Install and Configure AWS CLI for WindowsVCP Muthukrishna
 
2019 Blackhat Booth Presentation - PowerUpSQL
2019 Blackhat Booth Presentation - PowerUpSQL2019 Blackhat Booth Presentation - PowerUpSQL
2019 Blackhat Booth Presentation - PowerUpSQLScott Sutherland
 
BMC Discovery (ADDM) Cheat Sheet by Traversys Limited
BMC Discovery (ADDM) Cheat Sheet by Traversys LimitedBMC Discovery (ADDM) Cheat Sheet by Traversys Limited
BMC Discovery (ADDM) Cheat Sheet by Traversys LimitedWes Moskal-Fitzpatrick
 
MuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise security
MuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise securityMuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise security
MuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise securityakashdprajapati
 
How To Install and Configure AWS CLI on RHEL 7
How To Install and Configure AWS CLI on RHEL 7How To Install and Configure AWS CLI on RHEL 7
How To Install and Configure AWS CLI on RHEL 7VCP Muthukrishna
 
CRESTCon Asia 2018 - Config Password Encryption Gone Wrong
CRESTCon Asia 2018 - Config Password Encryption Gone WrongCRESTCon Asia 2018 - Config Password Encryption Gone Wrong
CRESTCon Asia 2018 - Config Password Encryption Gone WrongKeith Lee
 
Install ldap server
Install ldap serverInstall ldap server
Install ldap serverMawardi 12
 
Deploy agent in em12c
Deploy agent in em12cDeploy agent in em12c
Deploy agent in em12cOsama Mustafa
 
How To Create RDS Database for WordPress in AWS on RHEL 7 or CentOS 7
How To Create RDS Database for WordPress in AWS on RHEL 7 or CentOS 7How To Create RDS Database for WordPress in AWS on RHEL 7 or CentOS 7
How To Create RDS Database for WordPress in AWS on RHEL 7 or CentOS 7VCP Muthukrishna
 
Nagios Conference 2014 - Jeff Mendoza - Monitoring Microsoft Azure with Nagios
Nagios Conference 2014 - Jeff Mendoza - Monitoring Microsoft Azure with NagiosNagios Conference 2014 - Jeff Mendoza - Monitoring Microsoft Azure with Nagios
Nagios Conference 2014 - Jeff Mendoza - Monitoring Microsoft Azure with NagiosNagios
 

What's hot (20)

Secure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL ServerSecure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
 
2017 Secure360 - Hacking SQL Server on Scale with PowerShell
2017 Secure360 - Hacking SQL Server on Scale with PowerShell2017 Secure360 - Hacking SQL Server on Scale with PowerShell
2017 Secure360 - Hacking SQL Server on Scale with PowerShell
 
TROOPERS 20 - SQL Server Hacking Tips for Active Directory Environments
TROOPERS 20 - SQL Server Hacking Tips for Active Directory EnvironmentsTROOPERS 20 - SQL Server Hacking Tips for Active Directory Environments
TROOPERS 20 - SQL Server Hacking Tips for Active Directory Environments
 
How to export import a mysql database via ssh in aws lightsail wordpress rizw...
How to export import a mysql database via ssh in aws lightsail wordpress rizw...How to export import a mysql database via ssh in aws lightsail wordpress rizw...
How to export import a mysql database via ssh in aws lightsail wordpress rizw...
 
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)
 
Beyond xp_cmdshell: Owning the Empire through SQL Server
Beyond xp_cmdshell: Owning the Empire through SQL ServerBeyond xp_cmdshell: Owning the Empire through SQL Server
Beyond xp_cmdshell: Owning the Empire through SQL Server
 
Beyond XP_CMDSHELL: Owning the Empire Through SQL Server
Beyond XP_CMDSHELL: Owning the Empire Through SQL ServerBeyond XP_CMDSHELL: Owning the Empire Through SQL Server
Beyond XP_CMDSHELL: Owning the Empire Through SQL Server
 
2017 Thotcon - Hacking SQL Servers on Scale with PowerShell
2017 Thotcon - Hacking SQL Servers on Scale with PowerShell2017 Thotcon - Hacking SQL Servers on Scale with PowerShell
2017 Thotcon - Hacking SQL Servers on Scale with PowerShell
 
How To Install and Configure AWS CLI for Windows
How To Install and Configure AWS CLI for WindowsHow To Install and Configure AWS CLI for Windows
How To Install and Configure AWS CLI for Windows
 
2019 Blackhat Booth Presentation - PowerUpSQL
2019 Blackhat Booth Presentation - PowerUpSQL2019 Blackhat Booth Presentation - PowerUpSQL
2019 Blackhat Booth Presentation - PowerUpSQL
 
BMC Discovery (ADDM) Cheat Sheet by Traversys Limited
BMC Discovery (ADDM) Cheat Sheet by Traversys LimitedBMC Discovery (ADDM) Cheat Sheet by Traversys Limited
BMC Discovery (ADDM) Cheat Sheet by Traversys Limited
 
Web Server Hardening
Web Server HardeningWeb Server Hardening
Web Server Hardening
 
MuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise security
MuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise securityMuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise security
MuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise security
 
How To Install and Configure AWS CLI on RHEL 7
How To Install and Configure AWS CLI on RHEL 7How To Install and Configure AWS CLI on RHEL 7
How To Install and Configure AWS CLI on RHEL 7
 
CRESTCon Asia 2018 - Config Password Encryption Gone Wrong
CRESTCon Asia 2018 - Config Password Encryption Gone WrongCRESTCon Asia 2018 - Config Password Encryption Gone Wrong
CRESTCon Asia 2018 - Config Password Encryption Gone Wrong
 
Install ldap server
Install ldap serverInstall ldap server
Install ldap server
 
Mastering VMware Datacenter Part-1
Mastering VMware Datacenter Part-1Mastering VMware Datacenter Part-1
Mastering VMware Datacenter Part-1
 
Deploy agent in em12c
Deploy agent in em12cDeploy agent in em12c
Deploy agent in em12c
 
How To Create RDS Database for WordPress in AWS on RHEL 7 or CentOS 7
How To Create RDS Database for WordPress in AWS on RHEL 7 or CentOS 7How To Create RDS Database for WordPress in AWS on RHEL 7 or CentOS 7
How To Create RDS Database for WordPress in AWS on RHEL 7 or CentOS 7
 
Nagios Conference 2014 - Jeff Mendoza - Monitoring Microsoft Azure with Nagios
Nagios Conference 2014 - Jeff Mendoza - Monitoring Microsoft Azure with NagiosNagios Conference 2014 - Jeff Mendoza - Monitoring Microsoft Azure with Nagios
Nagios Conference 2014 - Jeff Mendoza - Monitoring Microsoft Azure with Nagios
 

Similar to Introduction to MariaDb

Install ldap server
Install ldap serverInstall ldap server
Install ldap serverMawardi 12
 
Southeast Linuxfest -- MySQL User Admin Tips & Tricks
Southeast Linuxfest -- MySQL User Admin Tips & TricksSoutheast Linuxfest -- MySQL User Admin Tips & Tricks
Southeast Linuxfest -- MySQL User Admin Tips & TricksDave Stokes
 
The Three Musketeers (Authentication, Authorization, Accounting)
The Three Musketeers (Authentication, Authorization, Accounting)The Three Musketeers (Authentication, Authorization, Accounting)
The Three Musketeers (Authentication, Authorization, Accounting)Sarah Conway
 
Mojo – Simple REST Server
Mojo – Simple REST ServerMojo – Simple REST Server
Mojo – Simple REST Serverhendrikvb
 
010 sa302 aaa+ldap
010 sa302 aaa+ldap010 sa302 aaa+ldap
010 sa302 aaa+ldapBabaa Naya
 
010 sa302 aaa+ldap
010 sa302 aaa+ldap010 sa302 aaa+ldap
010 sa302 aaa+ldapBabaa Naya
 
Code your Own: Authentication Provider for Blackboard Learn
Code your Own: Authentication Provider for Blackboard LearnCode your Own: Authentication Provider for Blackboard Learn
Code your Own: Authentication Provider for Blackboard LearnDan Rinzel
 
Better encryption & security with MariaDB 10.1 & MySQL 5.7
Better encryption & security with MariaDB 10.1 & MySQL 5.7Better encryption & security with MariaDB 10.1 & MySQL 5.7
Better encryption & security with MariaDB 10.1 & MySQL 5.7Colin Charles
 
MariaDB Server & MySQL Security Essentials 2016
MariaDB Server & MySQL Security Essentials 2016MariaDB Server & MySQL Security Essentials 2016
MariaDB Server & MySQL Security Essentials 2016Colin Charles
 
3429 How to transform your messaging environment to a secure messaging envi...
3429 How to transform your messaging environment to a secure messaging envi...3429 How to transform your messaging environment to a secure messaging envi...
3429 How to transform your messaging environment to a secure messaging envi...Robert Parker
 
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 201510 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015Scott Sutherland
 
Creating Reusable Puppet Profiles
Creating Reusable Puppet ProfilesCreating Reusable Puppet Profiles
Creating Reusable Puppet ProfilesBram Vogelaar
 
LASCON 2013 - AWS CLoud HSM
LASCON 2013 - AWS CLoud HSM LASCON 2013 - AWS CLoud HSM
LASCON 2013 - AWS CLoud HSM Oleg Gryb
 
Node.js API 서버 성능 개선기
Node.js API 서버 성능 개선기Node.js API 서버 성능 개선기
Node.js API 서버 성능 개선기JeongHun Byeon
 
Welcome to the Jungle: Pentesting AWS
Welcome to the Jungle: Pentesting AWSWelcome to the Jungle: Pentesting AWS
Welcome to the Jungle: Pentesting AWSMike Felch
 
How to Secure Your Scylla Deployment: Authorization, Encryption, LDAP Authent...
How to Secure Your Scylla Deployment: Authorization, Encryption, LDAP Authent...How to Secure Your Scylla Deployment: Authorization, Encryption, LDAP Authent...
How to Secure Your Scylla Deployment: Authorization, Encryption, LDAP Authent...ScyllaDB
 
Brief introduction into SQL injection attack scenarios
Brief introduction into SQL injection attack scenariosBrief introduction into SQL injection attack scenarios
Brief introduction into SQL injection attack scenariosPayampardaz
 
Enterprise-class security with PostgreSQL - 1
Enterprise-class security with PostgreSQL - 1Enterprise-class security with PostgreSQL - 1
Enterprise-class security with PostgreSQL - 1Ashnikbiz
 
Can you keep a secret? (XP Days 2017)
Can you keep a secret? (XP Days 2017)Can you keep a secret? (XP Days 2017)
Can you keep a secret? (XP Days 2017)Valerii Moisieienko
 

Similar to Introduction to MariaDb (20)

Install ldap server
Install ldap serverInstall ldap server
Install ldap server
 
Southeast Linuxfest -- MySQL User Admin Tips & Tricks
Southeast Linuxfest -- MySQL User Admin Tips & TricksSoutheast Linuxfest -- MySQL User Admin Tips & Tricks
Southeast Linuxfest -- MySQL User Admin Tips & Tricks
 
The Three Musketeers (Authentication, Authorization, Accounting)
The Three Musketeers (Authentication, Authorization, Accounting)The Three Musketeers (Authentication, Authorization, Accounting)
The Three Musketeers (Authentication, Authorization, Accounting)
 
Mojo – Simple REST Server
Mojo – Simple REST ServerMojo – Simple REST Server
Mojo – Simple REST Server
 
010 sa302 aaa+ldap
010 sa302 aaa+ldap010 sa302 aaa+ldap
010 sa302 aaa+ldap
 
010 sa302 aaa+ldap
010 sa302 aaa+ldap010 sa302 aaa+ldap
010 sa302 aaa+ldap
 
Code your Own: Authentication Provider for Blackboard Learn
Code your Own: Authentication Provider for Blackboard LearnCode your Own: Authentication Provider for Blackboard Learn
Code your Own: Authentication Provider for Blackboard Learn
 
Better encryption & security with MariaDB 10.1 & MySQL 5.7
Better encryption & security with MariaDB 10.1 & MySQL 5.7Better encryption & security with MariaDB 10.1 & MySQL 5.7
Better encryption & security with MariaDB 10.1 & MySQL 5.7
 
MariaDB Server & MySQL Security Essentials 2016
MariaDB Server & MySQL Security Essentials 2016MariaDB Server & MySQL Security Essentials 2016
MariaDB Server & MySQL Security Essentials 2016
 
3429 How to transform your messaging environment to a secure messaging envi...
3429 How to transform your messaging environment to a secure messaging envi...3429 How to transform your messaging environment to a secure messaging envi...
3429 How to transform your messaging environment to a secure messaging envi...
 
Rails Security
Rails SecurityRails Security
Rails Security
 
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 201510 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
 
Creating Reusable Puppet Profiles
Creating Reusable Puppet ProfilesCreating Reusable Puppet Profiles
Creating Reusable Puppet Profiles
 
LASCON 2013 - AWS CLoud HSM
LASCON 2013 - AWS CLoud HSM LASCON 2013 - AWS CLoud HSM
LASCON 2013 - AWS CLoud HSM
 
Node.js API 서버 성능 개선기
Node.js API 서버 성능 개선기Node.js API 서버 성능 개선기
Node.js API 서버 성능 개선기
 
Welcome to the Jungle: Pentesting AWS
Welcome to the Jungle: Pentesting AWSWelcome to the Jungle: Pentesting AWS
Welcome to the Jungle: Pentesting AWS
 
How to Secure Your Scylla Deployment: Authorization, Encryption, LDAP Authent...
How to Secure Your Scylla Deployment: Authorization, Encryption, LDAP Authent...How to Secure Your Scylla Deployment: Authorization, Encryption, LDAP Authent...
How to Secure Your Scylla Deployment: Authorization, Encryption, LDAP Authent...
 
Brief introduction into SQL injection attack scenarios
Brief introduction into SQL injection attack scenariosBrief introduction into SQL injection attack scenarios
Brief introduction into SQL injection attack scenarios
 
Enterprise-class security with PostgreSQL - 1
Enterprise-class security with PostgreSQL - 1Enterprise-class security with PostgreSQL - 1
Enterprise-class security with PostgreSQL - 1
 
Can you keep a secret? (XP Days 2017)
Can you keep a secret? (XP Days 2017)Can you keep a secret? (XP Days 2017)
Can you keep a secret? (XP Days 2017)
 

Recently uploaded

Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991RKavithamani
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 

Recently uploaded (20)

Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 

Introduction to MariaDb

  • 1. ‫امنیتی‬ ‫امکانات‬ MariaDB ‫شریف‬ ‫صنعتی‬ ‫دانشگاه‬ ‫داده‬ ‫پایگاه‬ ‫امنیت‬ ‫درس‬ ‫کالسی‬ ‫ارائه‬ ‫دهندگان‬ ‫ارائه‬ : ‫دارا‬ ‫بهزاد‬ – ‫رضایی‬ ‫اکبر‬ ‫علی‬ ‫درس‬ ‫استاد‬ : ‫نوگورانی‬ ‫دری‬ ‫صادق‬ ‫اول‬ ‫نیمسال‬ 14۰1 - 14۰۰
  • 2. ‫اندازی‬ ‫راه‬ ‫و‬ ‫نصب‬ MariaDB • Sudo apt update • Sudo apt install –y mariadb-server mariadb-client • Sudo systemctl status mariadb
  • 3. ‫به‬ ‫اتصال‬ MariaDB ‫ها‬ ‫دسترسی‬ ‫تعریف‬ ‫و‬ • Sudo mysql –y root –p • ‫داده‬ ‫پایگاه‬ ‫تعریف‬ : • Create database ‘dbname’ • Show database • ‫کاربر‬ ‫تعریف‬ : • Create user ‘username’@localhost identified by ‘password’ • select user from MySQL.user
  • 4. ‫به‬ ‫اتصال‬ MariaDB ‫ها‬ ‫دسترسی‬ ‫تعریف‬ ‫و‬ • ‫دسترسی‬ ‫تنظیم‬ ( : ‫دسترسی‬ ‫بدون‬ ،‫ساخت‬ ‫از‬ ‫بعد‬ ‫کاربر‬ ) • Grant all privileges on ‘dbname’.* To ‘username’@localhost • Flush privileges • Show grants for ‘username’@localhost
  • 5. ‫امنیتی‬ ‫ی‬ ‫اولیه‬ ‫تنظیمات‬ Sudo mysql-secure-installation • ‫هویت‬ ‫احراز‬ ‫نوع‬ ‫انتخاب‬ • ‫داده‬ ‫پایگاه‬ ‫روی‬ ‫پسورد‬ ‫تنظیم‬ • ‫مجاز‬ ‫غیر‬ ‫کاربران‬ ‫حذف‬ • ‫ریموت‬ ‫دسترسی‬ ‫کردن‬ ‫مجاز‬ ‫غیر‬ • ‫تستی‬ ‫داده‬ ‫پایگاه‬ ‫حذف‬ • ‫جداول‬ ‫مجدد‬ ‫بارگزاری‬
  • 6. ‫ی‬ ‫وسیله‬ ‫به‬ ‫امن‬ ‫اتصال‬ SSL • ‫تنظیمات‬ SSL • ‫روی‬ ‫کردن‬ ‫فعال‬ MariaDB • ‫اتصال‬ ‫برای‬ ‫کاربر‬ ‫تعریف‬
  • 8. USER MANAGEMENT • user management is critical to securing databases • mistakes and shorts can become prevalent, compromising security
  • 9. TOPICS • creating users • User privileges • Granting, revoking permissions • role-based access control • password validation • user resource limits
  • 10. Creating users • has the following pattern: CREATE [OR REPLACE] USER [IF NOT EXISTS] 'username'@'host_name' IDENTIFIED BY 'password'; • For each account, CREATE USER creates a new row in mysql.user
  • 11. Creating users - Host Name Component • the hostname of the computer which the user connects from • IP address of the computer that the user connects from • the network that the user connects from • to allow only local client connections, use 'localhost' • If the host name is not provided, it is assumed to be '%‘ Examples: CREATE USER 'boyd'@'%' IDENTIFIED BY 'bomber'; CREATE USER 'richard'@'powr.example.net' IDENTIFIED BY 'nuclear'; CREATE USER 'dallin'@'192.168.1.1' IDENTIFIED BY 'judge';
  • 12. Creating users - Authentication Plugin - ed25519: • The ed25519 authentication plugin uses Elliptic Curve Digital Signature Algorithm (ECDSA) • The ed25519 algorithm is the same one that is used by OpenSSH. • INSTALL SONAME 'auth_ed25519'; • Example: CREATE USER username@hostname IDENTIFIED VIA ed25519 USING PASSWORD('secret');
  • 13. Creating users - Authentication Plugin - PAM • A pluggable authentication module (PAM) is a mechanism to integrate multiple low-level authentication schemes into a high-level application programming interface (API) • INSTALL SONAME 'auth_pam'; • Example: CREATE USER ‘username’@’hostname’ IDENTIFIED VIA pam;
  • 14. Creating users - TLS Options: • You can set certain TLS-related restrictions for specific user accounts. For instance, you might use this with user accounts that require access to sensitive data while sending it across networks that you do not control. • can be enabled for a user account with the CREATE USER, ALTER USER statements
  • 15. Creating users - TLS Options Option Description REQUIRE NONE TLS is not required for this account, but can still be used. REQUIRE SSL The account must use TLS, but no valid X509 certificate is required. This option cannot be combined with other TLS options. REQUIRE X509 The account must use TLS and must have a valid X509 certificate. This option implies REQUIRE SSL. This option cannot be combined with other TLS options. REQUIRE ISSUER 'issuer' The account must use TLS and must have a valid X509 certificate. Also, the Certificate Authority must be the one specified via the string issuer. This option implies REQUIRE X509. This option can be combined with the SUBJECT, and CIPHER options in any order. REQUIRE SUBJECT 'subject' The account must use TLS and must have a valid X509 certificate. Also, the certificate's Subject must be the one specified via the string subject. This option implies REQUIRE X509. This option can be combined with the ISSUER, and CIPHER options in any order. REQUIRE CIPHER 'cipher' The account must use TLS, but no valid X509 certificate is required. Also, the encryption used for the connection must use a specific cipher method specified in the string cipher. This option implies REQUIRE SSL. This option can be combined with the ISSUER, and SUBJECT options in any order.
  • 16. Creating users - TLS Options • The REQUIRE keyword must be used only once for all specified options, and the AND keyword can be used to separate individual options, but it is not required • Example: CREATE USER 'alice'@'%' REQUIRE SUBJECT '/CN=alice/O=My Dom, Inc./C=US/ST=Oregon/L=Portland' AND ISSUER '/C=FI/ST=Somewhere/L=City/ O=Some Company/CN=Peter Parker/emailAddres s=p.parker@marvel.com' AND CIPHER 'SHA-DES-CBC3-EDH-RSA';
  • 17. Creating users - Resource Limit Options • MariaDB Platform can leverage user resource limits to stop and/or reduce the damage caused by an attacker who’s employing compromised user credentials.
  • 18. Creating users - Resource Limit Options Limit Type Decription MAX_QUERIES_PER_HOUR Number of statements that the account can issue per hour (including updates) MAX_UPDATES_PER_HOUR Number of updates (not queries) that the account can issue per hour MAX_CONNECTIONS_PER_HOUR Number of connections that the account can start per hour MAX_USER_CONNECTIONS Number of simultaneous connections that can be accepted from the same account; if it is 0, max_connections will be used instead; if max_connections is 0, there is no limit for this account's simultaneous connections. MAX_STATEMENT_TIME Timeout, in seconds, for statements executed by the user.
  • 19. Creating users - Resource Limit Options • Example: CREATE USER 'someone'@'localhost' WITH MAX_USER_CONNECTIONS 10 MAX_QUERIES_PER_HOUR 200;
  • 20. Creating users - Password Expiry • Example: ALTER USER 'monty'@'localhost' PASSWORD EXPIRE INTERVAL 120 DAY; CREATE USER 'monty'@'localhost' PASSWORD EXPIRE INTERVAL 120 DAY;
  • 21. DROP USER Example: DROP USER [IF EXISTS] user_name
  • 22. GRANT • The GRANT statement allows you to grant privileges or roles to accounts. GRANT priv_type ON priv_level TO ‘username’@’hostname’
  • 24. GRANT - Privilege Levels  Global privileges priv_type are granted using *.* for priv_level. Global privileges include privileges to administer the database and manage user accounts, as well as privileges for all tables, functions, and procedures. Global privileges are stored in the mysql.user table.  Database privileges priv_type are granted using db_name.* for priv_level, or using just * to use default database. Database privileges include privileges to create tables and functions, as well as privileges for all tables, functions, and procedures in the database. Database privileges are stored in the mysql.db table.  Table privileges priv_type are granted using db_name.tbl_name for priv_level, or using just tbl_name to specify a table in the default database. The TABLE keyword is optional. Table privileges include the ability to select and change data in the table. Certain table privileges can be granted for individual columns.  Column privileges priv_type are granted by specifying a table for priv_level and providing a column list after the privilege type. They allow you to control exactly which columns in a table users can select and change.  Function privileges priv_type are granted using FUNCTION db_name.routine_name for priv_level, or using just FUNCTION routine_name to specify a function in the default database.  Procedure privileges priv_type are granted using PROCEDURE db_name.routine_name for priv_level, or using just PROCEDURE routine_name to specify a procedure in the default database.
  • 25. GRANT Example: • GRANT SELECT,INSERT,UPDATE,DELETE ON serv.* TO 'jeffrey'@'localhost'; • GRANT SELECT ON edu.staff TO 'david'@'localhost' WITH GRANT OPTION; • GRANT ALL ON logan.* TO 'quentin'@'localhost' WITHMAX_QUERIES_PER_HOUR 100;
  • 26. REVOKE: • Example: REVOKE DELETE,GRANT OPTION ON cust.* FROM 'todd'@'%'; REVOKE ALL,GRANT OPTION FROM 'neil'@'%.example.com'; REVOKE priv_type ON priv_level FROM user
  • 27. RBAC: • created with the CREATE ROLE statement, and dropped with the DROP ROLE statement. • assigned to a user with an extension to the GRANT statement • Once a user has connected, he can obtain all privileges associated with a role by setting a role with the SET ROLE statement. • The CURRENT_ROLE function returns the currently set role for the session, if any.
  • 28. Password Validation Plugin • MariaDB comes with three password validation plugins — the simple_password_check plugin, the cracklib_password_check plugin and the password_reuse_check plugin. • They are not enabled by default • INSTALL SONAME 'simple_password_check';
  • 29. Reference: • https://en.wikipedia.org/wiki/MariaDB • https://phoenixnap.com/kb/how-to-create-mariadb-user-grant-privileges • https://www.alibabacloud.com/blog/how-to-secure-connections-to- mariadb-with-ssl-encryption_595079 • https://mariadb.com/kb/en/create-user/ • https://mariadb.com/kb/en/authentication-plugin- pam/#pam_google_authenticator • https://mariadb.com/kb/en/grant/#account-names