From d747fb6ff7493acf3c60ca71441caa18a31127ee Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Tue, 18 Aug 2009 11:01:16 +0000 Subject: Bug 510496: Recommend the admin to run mysql_secure_installation rather than playing with command lines - Patch by Frédéric Buclin r=dkl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/en/xml/glossary.xml | 3 +- docs/en/xml/installation.xml | 28 ++++++++++---- docs/en/xml/security.xml | 91 +------------------------------------------- 3 files changed, 23 insertions(+), 99 deletions(-) diff --git a/docs/en/xml/glossary.xml b/docs/en/xml/glossary.xml index 5b6d1a6e7..127b94038 100644 --- a/docs/en/xml/glossary.xml +++ b/docs/en/xml/glossary.xml @@ -306,8 +306,7 @@ Privilege System - Much more detailed information about the suggestions in - . + Information about how to protect your MySQL server. diff --git a/docs/en/xml/installation.xml b/docs/en/xml/installation.xml index c14e69819..7ae08a5a8 100644 --- a/docs/en/xml/installation.xml +++ b/docs/en/xml/installation.xml @@ -1,5 +1,5 @@ - + Installing Bugzilla @@ -735,9 +735,23 @@ - MySQL's default configuration is very insecure. - has some good information for - improving your installation's security. + MySQL's default configuration is insecure. + We highly recommend to run mysql_secure_installation + on Linux or the MySQL installer on Windows, and follow the instructions. + Important points to note are: + + + Be sure that the root account has a secure password set. + + + Do not create an anonymous account, and if it exists, say "yes" + to remove it. + + + If your web server and MySQL server are on the same machine, + you should disable the network access. + + 
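Review bot: the third bullet in the new installation.xml text ("you should disable the network access") says what to do but no longer says how; the security.xml section this same patch deletes carried the one-line recipe (`[mysqld]` followed by `skip-networking` in /etc/my.cnf), and mysql_secure_installation does not prompt for it, so the bullet should keep that hint, e.g. "add skip-networking under [mysqld] in your MySQL configuration file". Minor wording: "We highly recommend to run" should read "We highly recommend running".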
@@ -745,11 +759,11 @@ Allow large attachments and many comments By default, MySQL will only allow you to insert things - into the database that are smaller than 64KB. Attachments + into the database that are smaller than 1MB. Attachments may be larger than this. Also, Bugzilla combines all comments on a single bug into one field for full-text searching, and the - combination of all comments on a single bug are very likely to - be larger than 64KB. + combination of all comments on a single bug could in some cases + be larger than 1MB. To change MySQL's default, you need to edit your MySQL configuration file, which is usually /etc/my.cnf diff --git a/docs/en/xml/security.xml b/docs/en/xml/security.xml index f1835a333..61bc5b179 100644 --- a/docs/en/xml/security.xml +++ b/docs/en/xml/security.xml @@ -1,5 +1,5 @@ - + Bugzilla Security @@ -80,96 +80,7 @@ - - - -
- MySQL - -
- The MySQL System Account - - As mentioned in , the MySQL - daemon should run as a non-privileged, unique user. Be sure to consult - the MySQL documentation or the documentation that came with your system - for instructions. - -
- -
- The MySQL <quote>root</quote> and <quote>anonymous</quote> Users - - By default, MySQL comes with a root user with a - blank password and an anonymous user, also with a blank - password. In order to protect your data, the root user - should be given a password and the anonymous user should be disabled. - - - - Assigning the MySQL <quote>root</quote> User a Password - - -bash$ mysql mysql -mysql> UPDATE user SET password = password('new_password') WHERE user = 'root'; -mysql> FLUSH PRIVILEGES; - - - - - Disabling the MySQL <quote>anonymous</quote> User - -bash$ mysql -u root -p mysql -Enter Password: new_password -mysql> DELETE FROM user WHERE user = ''; -mysql> FLUSH PRIVILEGES; - - - - This command assumes that you have already completed - . - - - - - -
- -
- Network Access - - If MySQL and your web server both run on the same machine and you - have no other reason to access MySQL remotely, then you should disable - the network access. This, along with the suggestion in - , will help protect your system from - any remote vulnerabilities in MySQL. - - - - Disabling Networking in MySQL - - Simply enter the following in /etc/my.cnf: - -[mysqld] -# Prevent network access to MySQL. -skip-networking - - - - -
- - - -
- - -
Web server
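Review bot: the 64KB to 1MB change in the "Allow large attachments and many comments" hunk of installation.xml is unrelated to Bug 510496 (mysql_secure_installation) and is not mentioned in the commit message; either split it into its own commit or add a line to the message saying the stated MySQL default limit was corrected, so a factual change to a documented number is not hidden inside a documentation cleanup.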
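Review bot: removing the whole MySQL section from security.xml drops the "The MySQL System Account" advice (run the MySQL daemon as a non-privileged, unique user), which mysql_secure_installation does not handle and which the new bullet list in installation.xml does not restate; keep that subsection, or add a fourth bullet for it. Also, the glossary hunk shows one cross-reference to the removed section being rewritten; check that no other references to the removed section ids remain in the docs, or the DocBook build will report XRefs to nonexistent ids.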