mysql入侵检测_MySQL数据库的安全机制分析与入侵检测开发

数据库与信息管理本栏目责任编辑：代 影 ComputerKnowledgeand Technology 电脑知识与技术第8卷第4期 (2012年2月) MySQL数据库的安全机制分析与入侵检测开发 迟美霞 (同济大学，上海201804) 摘要：针对MySQL开源数据库，具体分析其内部和外部的安全机制；重点分析了如何防止未经授权的文件系统访问和网络访问。通过与其他大型数据库的对比，指出MySQL数据库存在的不安全隐患；总结了各种漏洞的存在对系统构成的风险，并给出相应的防范对策。最后，在以MySQL为后台数据库的网络环境中，进行了针对多种漏洞的攻击实验。 关键词：数据库；安全机制；MySQL；漏洞检测；注入漏洞 中图分类号：TP311.13 文献标识码：A 文章编号：1009-3044(2012)04-0745-04 SafetyMechanismAnalysisofMySQLandIntrusionDetectionDevelopment CHI Mei-xia (Tongji University, Shanghai 201804, China) Abstract: The paper presents the open source database MySQL, about a detailed analysis of its internal and external security mechanism, for example, the user security mechanism, the security mechanism based on the authorized form, the settings and the structures of the autho⁃rized form, access mechanism, etc. Analysis focused on how to prevent unauthorized access to the file system and network access. And by contrast to other large-scale databases, it shows the hidden dangers that exist in the MySQL database. Then, it sums up the risks of a variety of loopholes and the corresponding preventive measures. Finally, it shows the experiments, which attack against all kinds of loopholes in the network environment based on MySQL. The results show that MySQL database can resist the attack after security settings and the input pa⁃rameters filtering. Keywords:database; security mechanism; MySQL; vulnerability detection; injection MySQL是一个快速的、多线程、多用户和健壮的SQL数据库服务器。MySQL的结构是C/S(即客户机/服务器)模式的，由一个服 务器守护程序mysqld和不同的客户程序以