diff options
author | lpsolit%gmail.com <> | 2009-08-18 13:01:16 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2009-08-18 13:01:16 +0200 |
commit | d747fb6ff7493acf3c60ca71441caa18a31127ee (patch) | |
tree | de5a9425ed07e54e7a6b8128a586f4219f0f310f /docs/en | |
parent | 9ced0509261dacaa617c39d32ed2c2a4297f0cb2 (diff) | |
download | bugzilla-d747fb6ff7493acf3c60ca71441caa18a31127ee.tar.gz bugzilla-d747fb6ff7493acf3c60ca71441caa18a31127ee.tar.xz |
Bug 510496: Recommend the admin to run mysql_secure_installation rather than playing with command lines - Patch by Frédéric Buclin <LpSolit@gmail.com> r=dkl
Diffstat (limited to 'docs/en')
-rw-r--r-- | docs/en/xml/glossary.xml | 3 | ||||
-rw-r--r-- | docs/en/xml/installation.xml | 28 | ||||
-rw-r--r-- | docs/en/xml/security.xml | 91 |
3 files changed, 23 insertions, 99 deletions
diff --git a/docs/en/xml/glossary.xml b/docs/en/xml/glossary.xml index 5b6d1a6e7..127b94038 100644 --- a/docs/en/xml/glossary.xml +++ b/docs/en/xml/glossary.xml @@ -306,8 +306,7 @@ <varlistentry> <term><ulink url="http://www.mysql.com/doc/en/Privilege_system.html">Privilege System</ulink></term> <listitem> - <para>Much more detailed information about the suggestions in - <xref linkend="security-mysql"/>. + <para>Information about how to protect your MySQL server. </para> </listitem> </varlistentry> diff --git a/docs/en/xml/installation.xml b/docs/en/xml/installation.xml index c14e69819..7ae08a5a8 100644 --- a/docs/en/xml/installation.xml +++ b/docs/en/xml/installation.xml @@ -1,5 +1,5 @@ <!-- <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"> --> -<!-- $Id: installation.xml,v 1.170 2009/08/13 21:43:13 lpsolit%gmail.com Exp $ --> +<!-- $Id: installation.xml,v 1.171 2009/08/18 11:01:17 lpsolit%gmail.com Exp $ --> <chapter id="installing-bugzilla"> <title>Installing Bugzilla</title> @@ -735,9 +735,23 @@ <caution> <para> - MySQL's default configuration is very insecure. - <xref linkend="security-mysql"/> has some good information for - improving your installation's security. + MySQL's default configuration is insecure. + We highly recommend to run <filename>mysql_secure_installation</filename> + on Linux or the MySQL installer on Windows, and follow the instructions. + Important points to note are: + <orderedlist> + <listitem> + <para>Be sure that the root account has a secure password set.</para> + </listitem> + <listitem> + <para>Do not create an anonymous account, and if it exists, say "yes" + to remove it.</para> + </listitem> + <listitem> + <para>If your web server and MySQL server are on the same machine, + you should disable the network access.</para> + </listitem> + </orderedlist> </para> </caution> @@ -745,11 +759,11 @@ <title>Allow large attachments and many comments</title> <para>By default, MySQL will only allow you to insert things - into the database that are smaller than 64KB. Attachments + into the database that are smaller than 1MB. Attachments may be larger than this. Also, Bugzilla combines all comments on a single bug into one field for full-text searching, and the - combination of all comments on a single bug are very likely to - be larger than 64KB.</para> + combination of all comments on a single bug could in some cases + be larger than 1MB.</para> <para>To change MySQL's default, you need to edit your MySQL configuration file, which is usually <filename>/etc/my.cnf</filename> diff --git a/docs/en/xml/security.xml b/docs/en/xml/security.xml index f1835a333..61bc5b179 100644 --- a/docs/en/xml/security.xml +++ b/docs/en/xml/security.xml @@ -1,5 +1,5 @@ <!-- <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"> --> -<!-- $Id: security.xml,v 1.19 2008/05/21 00:01:04 lpsolit%gmail.com Exp $ --> +<!-- $Id: security.xml,v 1.20 2009/08/18 11:01:18 lpsolit%gmail.com Exp $ --> <chapter id="security"> <title>Bugzilla Security</title> @@ -80,96 +80,7 @@ </section> </section> - - - - <section id="security-mysql"> - <title>MySQL</title> - - <section id="security-mysql-account"> - <title>The MySQL System Account</title> - - <para>As mentioned in <xref linkend="security-os-accounts"/>, the MySQL - daemon should run as a non-privileged, unique user. Be sure to consult - the MySQL documentation or the documentation that came with your system - for instructions. - </para> - </section> - - <section id="security-mysql-root"> - <title>The MySQL <quote>root</quote> and <quote>anonymous</quote> Users</title> - - <para>By default, MySQL comes with a <quote>root</quote> user with a - blank password and an <quote>anonymous</quote> user, also with a blank - password. In order to protect your data, the <quote>root</quote> user - should be given a password and the anonymous user should be disabled. - </para> - - <example id="security-mysql-account-root"> - <title>Assigning the MySQL <quote>root</quote> User a Password</title> - - <screen> -<prompt>bash$</prompt> mysql mysql -<prompt>mysql></prompt> UPDATE user SET password = password('<replaceable>new_password</replaceable>') WHERE user = 'root'; -<prompt>mysql></prompt> FLUSH PRIVILEGES; - </screen> - </example> - - <example id="security-mysql-account-anonymous"> - <title>Disabling the MySQL <quote>anonymous</quote> User</title> - <screen> -<prompt>bash$</prompt> mysql -u root -p mysql <co id="security-mysql-account-anonymous-mysql"/> -<prompt>Enter Password:</prompt> <replaceable>new_password</replaceable> -<prompt>mysql></prompt> DELETE FROM user WHERE user = ''; -<prompt>mysql></prompt> FLUSH PRIVILEGES; - </screen> - <calloutlist> - <callout arearefs="security-mysql-account-anonymous-mysql"> - <para>This command assumes that you have already completed - <xref linkend="security-mysql-account-root"/>. - </para> - </callout> - </calloutlist> - </example> - - </section> - - <section id="security-mysql-network"> - <title>Network Access</title> - - <para>If MySQL and your web server both run on the same machine and you - have no other reason to access MySQL remotely, then you should disable - the network access. This, along with the suggestion in - <xref linkend="security-os-ports"/>, will help protect your system from - any remote vulnerabilities in MySQL. - </para> - - <example id="security-mysql-network-ex"> - <title>Disabling Networking in MySQL</title> - - <para>Simply enter the following in <filename>/etc/my.cnf</filename>: - <screen> -[mysqld] -# Prevent network access to MySQL. -skip-networking - </screen> - </para> - </example> - - </section> - -<!-- For possible addition in the future: How to better control the bugs user - <section id="security-mysql-bugs"> - <title>The bugs User</title> - - </section> ---> - - </section> - - - <section id="security-webserver"> <title>Web server</title> |