Wednesday, May 16, 2007

MySQL configuration for security

fuþark started an interesting discussion on the possibilities of a MySQL worm ... not wanting to get embroiled in the technicalities I was struck by the sense of his suggestions for administrators securing their installations and so I've reproduced them here for future reference:

  1. It's obvious but probably still has to be stressed again: Disable all default accounts on any installation immediately (yes, even if those default accounts wouldn't allow for a remote connection) and follow the next rules even if you just set up a test account (yes, even if your server is currently not connected to the Internet). You never know what your server might be used for in the future and what you then might forget to adjust.
  2. Use strong passwords for any account.
  3. Preferably also use stronger user names for your administrative accounts, root and admin are probably the first ones to be tried.
  4. Disable network access to MySQL completely if you don't need it (add skip-networking to your my.cnf file).
  5. Use the host feature of the MySQL GRANTs system to restrict any account to the source addresses it really needs.
  6. Never allow an administrative account (with the SUPER privilege or write access to the mysql system database) to be connected to from any remote host (%).
  7. If your MySQL port has to be open to the Internet, always use a firewall that restricts access to it by source addresses.

(http://www.futhark.ch/mysql/150.html)
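As an added illustration (not part of fuþark's post or this blog), the rules above expressed as MySQL 5.0-era SQL: an audit query that lists the accounts the rules warn about, followed by the statements that fix them. The account names, the address 10.0.2.15 and the database `shop` are made up for the example.

```sql
-- Audit (rules 1, 5, 6): anonymous accounts, accounts reachable from any
-- host, and administrative accounts not pinned to the local machine.
SELECT user, host, Super_priv
  FROM mysql.user
 WHERE user = ''
    OR host = '%'
    OR (Super_priv = 'Y'
        AND host NOT IN ('localhost', '127.0.0.1', '::1'))
 ORDER BY user, host;

-- Rule 4 check: skip-networking in my.cnf shows up as this variable being ON.
SHOW VARIABLES LIKE 'skip_networking';

-- Rule 1: drop the anonymous default accounts (DROP USER also removes
-- their privilege rows from MySQL 5.0.2 onwards).
DROP USER ''@'localhost';

-- Rules 2 and 5: an application account restricted to the one source
-- address that needs it, with only the privileges the application uses.
-- (Constructed address and database; use a long random password.)
CREATE USER 'shop_app'@'10.0.2.15' IDENTIFIED BY 'CHANGE-ME-long-random-secret';
GRANT SELECT, INSERT, UPDATE, DELETE ON shop.* TO 'shop_app'@'10.0.2.15';

-- Rules 3 and 6: an administrative account with a non-obvious name that
-- can only connect locally; SUPER and mysql.* write access never go to '%'.
CREATE USER 'ops_dba_7f3'@'localhost' IDENTIFIED BY 'CHANGE-ME-another-long-secret';
GRANT ALL PRIVILEGES ON *.* TO 'ops_dba_7f3'@'localhost' WITH GRANT OPTION;

-- Rule 6 remediation: an existing admin account granted to any host is
-- pinned back to localhost rather than deleted, so nothing depending on
-- the name breaks while remote access is removed.
RENAME USER 'root'@'%' TO 'root'@'localhost';

-- Re-run the audit query; it should now return no rows.
FLUSH PRIVILEGES;
```

Run the audit query on a schedule (or from a monitoring job) so that an account later re-created with a `%` host or a SUPER grant is noticed rather than lingering.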

Tuesday, May 15, 2007

Climate of fear?

The BBC's report of a "bat box" being investigated by a bomb squad was not a case of mistaken identity (it looked like a bomb!) but fear-induced over-sensitivity (terrorists want to blow up the UK ... it might be a bomb!)

Oddly, something similar's happening where I work: several people have commented to me recently (post-Virginia Tech. and UK knife attacks) that it's only a matter of time before a member of staff is seriously injured. Is that an exaggerated concern? We have seen an apparent rise in aggressive behaviour by students but will it escalate to the point where weapons are involved or permanent harm is done? I hope not — we have administrative staff in vulnerable positions (evidence: most student-facing office redesigns incorporate mechanisms to keep students physically separate from staff. How long 'til we have glass screens and speakerphones?) and lecturers in solo offices (like me) seem most vulnerable to attack.

Personally I don't feel under threat. Perhaps I'm just naïve, but I can't envisage one of our students pre-meditatedly attacking me over a failing grade or harsh feedback. However, maybe we do need better/more/some! training in dealing with stressful situations: impulse attacks are less to be feared if you can defuse the situation.

I hope we don't end up with metal-detectors: whilst you might feel safe being assured that students aren't carrying weapons, a person who might have been willing to pull a knife in a difficult situation is just as likely to grab a stapler, letter-opener, etc ... blimey, a pen can be an effective weapon and we want students to have them!

Sunday, May 13, 2007

MySQL and Flickr

...an excellent example of using MySQL and a distributed DB strategy (not a DDBMS) by Flickr ... wish I'd seen it a month ago!

Saturday, May 12, 2007

Web design profession survey

A List Apart has produced a survey asking questions of "our" profession (I count myself as an educator of web professionals and, by association, one of 'em!) ... fill it in and await the results ;-)

Wednesday, May 09, 2007

Minutes to Midnight

Eagerly-anticipated (by me, anyway!) new album from Linkin Park ... a bit concerned about the fact that (according to their press) the album takes a more melodic and progressive direction than its predecessors, with the band utilising new instruments and recording techniques ... nu-prog-metal? say it ain't so! ;-)

Wednesday, May 02, 2007

The IQ speed bump

From a friend observing a chat session:

Some people should not be allowed on the internet! Observe:

dftpnkezln:
For all of you reporting a score more than 100 as you iq lol @ you. How can you possibly score more than 100%?
dftpnkezln:
I'm very happy with my score of 89.