1. Secure your server
\nMany known attacks are possible only once physically accessing a machine. For this reason, it is best to have the application server and the database server on different machines. If this is not possible, greater care must be taken, Otherwise, by executing remote commands via an application server, an attacker may be able to harm your database even without permissions. For this reason, any service running on the same machine as the database should be granted the lowest possible permission that still allows the service to operate.
\n2. Localhost Security or Disable or restrict remote access Consider whether MySQL will be retrieved from the system or directly accessed from its own server. On the off chance that remote access is utilized, guarantee that just characterized hosts can get to the server. This is commonly done through TCP wrappers, IP tables, or some other firewall programming or hardware accessibility tools. skip-networking The document is situated in the \"C:\\Program Files\\MySQL\\MySQL Server 5.1\" catalog on the Windows operating system or \"/etc/my.cnf\" or \"/etc/mysql/my.cnf\" on Linux. Another possible solution is to force MySQL to listen only to the localhost by adding the following line in the [mysqld] section of my.cnfbind-address=127.0.0.1 3. Disable the use of LOCAL INFILE The next change is to disable the use of the \"LOAD DATA LOCAL INFILE\" command, which will help to keep unapproved perusing from neighborhood records. This is particularly vital when new SQL Injection vulnerabilities in PHP applications are found. Or even significantly less difficult: To disable the usage of the \"LOCAL INFILE\" command, the following parameter should be added in the [mysqld] section of the MySQL configuration file. 4. Change root username and password, keep them strong. The default administrator username on the MySQL server is \"root\". Hackers often attempt to gain access to its permissions. To make this task harder, rename \"root\" to something else and provide it with a long, complex alphanumeric password. To rename the administrator’s username, use the rename command in the MySQL console: The MySQL \"RENAME USER\" command first appeared in MySQL version 5.0.2. If you use an older version of MySQL, you can use other commands to rename a user: To change a user’s password, use the following command-line command: It is also possible to change the password using the \"mysqladmin\" utility: 5. Remove the \"Test\" database MySQL comes with a \"test\" database intended as a test space. It can be accessed by the anonymous user, and is therefore used by numerous attacks. Or use the \"mysqladmin\" command: 6. Remove Anonymous and outdated accounts The MySQL database comes with some anonymous users with blank passwords. As a result, anyone can connect to the database to check whether this is the case, do the following: In a secure system, no lines should be echoed back. Another way to do the same: If the grants exist, then anybody can access the database and at least use the default database\"test\". Check this with: To remove the account, execute the following command: The MySQL \"DROP USER\" command is supported starting with MySQL version 5.0. If you use an older version of MySQL, you can remove the account as follows: 7. Increase security with Role Based Access Control A very common database security recommendation is to lower the permissions given to various parties. MySQL is no different. Typically, when developers work, they use the system's maximum permission and give less consideration to permission principles than we might expect. This practice can expose the database to significant risk. In addition, ensure that only the user \"mysql\" and \"root\" have access to the directory 8. Keep a check on database privileges Operating system permissions were fixed in the preceding section. Now let’s talk about database permissions. In most cases, there is an administrator user (the renamed \"root\") and one or more actual users who coexist in the database. Usually, the \"root\" has nothing to do with the data in the database; instead, it is used to maintain the server and its tables, to give and revoke permissions, etc. Only administrator accounts needs to be granted the SUPER / PROCESS /FILE privileges and access to the mysql database. Usually, it is a good idea to lower the administrator’s permissions for accessing the data. Review the privileges of the rest of the users and ensure that these are set appropriately. This can be done using the following steps. [Identify users] [List grants of all users] The above statement has to be executed for each user ! Note that only users who really need root privileges should be granted them. Another interesting privilege is \"SHOW DATABASES\". By default, the command can be used by everyone having access to the MySQL prompt. They can use it to gather information (e.g., getting database names) before attacking the database by, for instance, stealing the data. To prevent this, it is recommended that you follow the procedures described below. To disable the usage of the \"SHOW DATABASES\" command, the following parameter should be added in the [mysqld] section of the [mysqld] 9. Enable Logging If your database server does not execute many queries, it is recommended that you enable transaction logging, by adding the following line to [mysqld] section of the [mysqld] This is not recommended for heavy production MySQL servers because it causes high overhead on the server. Error logEnsure only \"root\" and \"mysql\" have access to the log file \"hostname.err\". The file is stored in the mysql data directory. This file contains very sensitive information such as passwords, addresses, table names, stored procedure names and code parts. It can be used for information gathering, and in some cases, can provide the attacker with the information needed to exploit the database, the machine on which the database is installed, or the data inside it. MySQL logEnsure only \"root\" and \"mysql\" have access to the logfile \"logfile XY\". The file is stored in the mysql data directory. 10. Change the root directory A chroot on UNIX {operating system} operating systems is an operation that changes the apparent disk root directory for the present running method and its children. A program that's re-rooted to a different directory cannot access or name files outside that directory, and therefore the directory is named a \"chroot jail\" or (less commonly) a \"chroot prison\". By using the chroot environment, the write access of the mySQL processes (and child processes) can be limited, increasing the security of the server. Ensure that a dedicated directory exists for the chrooted environment. This should be something like: [client] Thanks to that line of code, there will be no need to supply the mysql, mysqladmin, mysqldump etc. commands with the 11. Delete old logs regularly During the installation procedures, there's plenty of sensitive data which will assist unwelcome users to assault a database. This data is kept within the server’s history and might be terribly useful if one thing goes wrong during the installation. By analyzing the history files, administrators can figure out what has gone wrong and probably fix things up. However, these files are not needed after installation is complete. In conclusion,we should emphasize on database security. However it should be the first thing for any individual or a company. Index is a typical way to speed-up queries in normal database system. There is no difference between MongoDB and a document-based database system. This article gives insight about the index in MongoDB, for query optimization. _id is an ObjectId object, 12-byte BSON type that guarantees uniqueness within the collection. The ObjectId is generated based on timestamp, machine ID, process ID, and a process-local incremental counter. For a single-field index and sort operations, the sort order (i.e. ascending or descending) of the index key does not matter because MongoDB can traverse the index in either direction. The value of index is the type of index. For example, 1 indicates ascending order and -1 specifies the descending order. Compound Field The order of fields listed in a compound index has significance. For instance, if a compound index consists of { userid: 1, score: -1 }, the index sorts first by userid and then, within each userid value, sorts by score. Multiple Key MongoDB uses multiple index to index the content in an array. MongoDB creates separate index entries for every element of the array. You do not need explicitly create multiple key. A collection can have at most one text index. Query content by its hashed value. The hash is a function to computed by its value. The hashed value is designed to be distinct value. The one advantage is it is so quick, which take O(1) at most but by contract the normal binary search tree will take O(Log(N)). Hash will be theoretically quicker than normal binary search tree implementation. But the disadvantage is hash index performing range search will be extremely slowly than normal index. This an example in python to build a hash index Today in the market various type of Database options are available like RDBMS, NoSQL, Big Data, Database Appliance, etc. developers can get very confused with all the choice. They do not understand why they should consider a newer, alternative database when RDBMSs have been around for 25+ years. However, many big enterprises are already using alternative databases and are saving money, innovating more quickly, and completing projects. Relational Database Management System (RDBMS) RDBMS Database is a relational database. It is the standard language for relational database management systems.Data is stored in the form of rows and columns in RDBMS. The relations among tables are also stored in the form of the table SQL (Structured query Language) is a programming language used to perform tasks such as update data on a database, or to retrieve data from a database. Some common relational database management systems that use SQL are: Oracle, Sybase, Microsoft SQL Server, Access, etc. Features Of RDBMS Limitations for SQL database Scalability: Users have to scale relational database on powerful servers that are expensive and difficult to handle. To scale relational database it has to be distributed on to multiple servers. Handling tables across different servers is difficult . Complexity: In SQL server’s data has to fit into tables anyhow. If your data doesn’t fit into tables, then you need to design your database structure that will be complex and again difficult to handle. NoSQL NoSQL commonly referred to as “Not Only SQL”. With NoSQL, unstructured ,schema less data can be stored in multiple collections and nodes and it does not require fixed table sachems, it supports limited join queries , and we scale it horizontally. Benefits of NoSQL highly and easily scalable Relational database or RDBMS databases are vertically Scalable When load increase on RDBMS database then we scale database by increasing server hardware power ,need to by expensive and bigger servers and NoSQL databases are designed to expand horizontally and in Horizontal scaling means that you scale by adding more machines into your pool of resources. Maintaining NoSQL Servers is Less Expensive Maintaining high-end RDBMS systems is expensive and need trained manpower for database management but NoSQL databases require less management. it support many Features like automatic repair, easier data distribution, and simpler data models make administration and tuning requirements lesser in NoSQL. Lesser Server Cost and open-Source NoSQL databases are cheap and open source. NoSql database implementation is easy and typically uses cheap servers to manage the exploding data and transaction while RDBMS databases are expensive and it uses big servers and storage systems. So the storing and processing data cost per gigabyte in the case of NoSQL can be many times lesser than the cost of RDBMS. No Schema or Fixed Data model NoSQL database is schema less so Data can be inserted in a NoSQL database without any predefined schema. So the format or data model can be changed any time, without application disruption.and change management is a big headache in SQL. Support Integrated Caching NoSQL database support caching in system memory so it increase data output performance and SQL database where this has to be done using separate infrastructure. Limitations & disadvantage of NoSQL Conclusion RDBMS and NoSQL both dbs are great in data management and both are used to keep data storage and retrieval optimized and smooth. It’s hard to say which technology is better so developer take decision according requirement and situations
\nTo confine MySQL from opening a network socket, the accompanying parameter ought to be included in the [mysqld] area of my.cnf or my.ini:
\nThis line cripples the start of systems administration in the middle of MySQL startup. It would be ideal if you bear in mind that a local connection can be used set up a connection to the MySQL server.
\nYou may not be willing to incapacitate system access to your database server if clients in your organization interface with the server from their machines or the web server introduced on an alternate machine. In that case, the following restrictive grant syntax should be considered:
\nmysql> GRANT SELECT, INSERT ON mydb.\\* TO 'someuser'@'somehost';
\nIn addition, in certain cases, the \"LOCAL INFILE\" command can be used to gain access to other files on the operating system, for instance \"/etc/passwd\", using the following command:
\nmysql> LOAD DATA LOCAL INFILE '/etc/passwd' INTO TABLE table1
\nmysql> SELECT load\\_file("/etc/passwd")
\nset-variable=local-infile=0
\nmysql> RENAME USER root TO new\\_user;
\nmysql> use mysql;\n\nmysql> update user set user="new\\_user" where user="root";\n\nmysql> flush privileges;
\nmysql> SET PASSWORD FOR 'username'@'%hostname' = PASSWORD('newpass');
\nshell> mysqladmin -u username -p password newpass
\nTo remove this database, use the drop command as follows:
\nmysql> drop database test;
\nshell> mysqladmin -u username -p drop test
\nmysql> select \\* from mysql.user where user="";
\nmysql> SHOW GRANTS FOR ''@'localhost';\n\nmysql> SHOW GRANTS FOR ''@'myhost';
\nshell> mysql -u blablabla
\nmysql> DROP USER "";
\nmysql> use mysql;\n\nmysql> DELETE FROM user WHERE user="";\n\nmysql> flush privileges;
\n* Any new MySQL 5.x installation already installed using the correct security measures.
\nTo protect your database, make sure that the file directory in which the MySQL database is actually stored is owned by the user \"mysql\" and the group \"mysql\".
\nshell>ls -l /var/lib/mysql/var/lib/mysql.
\nThe mysql binaries, which reside under the /usr/bin/ directory, should be owned by \"root\" or the specific system \"mysql\" user. Other users should not have write access to these files.
\nshell>ls -l /usr/bin/my\\*
\nOn the other hand, some user ids are used to access the data, such as the user id assigned to the web server to execute \"select\\update\\insert\\delete\" queries and to execute stored procedures. In most cases, no other users are necessary; however, only you, as a system administrator can really know your application’s needs.
\nmysql> use mysql;
\nmysql> select \\* from users;
\nmysql> show grants for ‘root’@’localhost’;\n
\n/etc/my.cnf:
\nskip-show-database /etc/my.cnf file:
\nlog =/var/log/mylogfile
\nIn addition, verify that only the \"root\" and \"mysql\" ids have access to these logfiles (at least write access)./chroot/mysql In addition, to make the use of the database administrative tools convenient, the following parameter should be changed in the [client] section of MySQL configuration file:
\nsocket = /chroot/mysql/tmp/mysql.sock--socket=/chroot/mysql/tmp/mysql.sock parameter every time these tools are run.
\nWe should remove the content of the MySQL history file (~/.mysql_history), wherever all dead SQL commands are kept (especially passwords, that are kept as plain text):
\ncat /dev/null > ~/.mysql\\_historyIndex in Mongo:
\nDefault
\nSingle Field
\n
\ndb.friends.createIndex( { "name" : 1 } )\n
\ndb.products.createIndex( { "item": 1, "stock": 1 } )\n
Text Index
\n
\nPerformance cost for text index:
\ntext indexes can be large. They contain one index entry for each unique post-stemmed word in each indexed field for each document inserted.
\ntext indexes will impact insertion throughput because MongoDB must add an index entry for each unique post-stemmed word in each indexed field of each new source document.
\ndb.reviews.createIndex( { comments: "text" } )Hash index
\n
\n","frontmatter":{"date":"September 01, 2015","updated_date":null,"title":"Index in MongoDB","tags":["MongoDB","Database"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/37f07a89ba1a1b4fd56cbd7c0548d86a/ee604/mongo-db-index1.png","srcSet":"/static/37f07a89ba1a1b4fd56cbd7c0548d86a/69585/mongo-db-index1.png 200w,\n/static/37f07a89ba1a1b4fd56cbd7c0548d86a/497c6/mongo-db-index1.png 400w,\n/static/37f07a89ba1a1b4fd56cbd7c0548d86a/ee604/mongo-db-index1.png 800w,\n/static/37f07a89ba1a1b4fd56cbd7c0548d86a/f3583/mongo-db-index1.png 1200w,\n/static/37f07a89ba1a1b4fd56cbd7c0548d86a/196bc/mongo-db-index1.png 1278w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Mark Duan","github":null,"avatar":null}}}},{"node":{"fields":{"slug":"/engineering/relational-database-management-system-rdbms-vs-nosql/"},"html":"db.active.createIndex( { a: "hashed" } )\n
\n\n
\n