[debian-mysql] MySQL "hardening?"
Norvald H. Ryeng
norvald.ryeng at oracle.com
Fri Apr 17 11:09:37 UTC 2015
On Wed, 15 Apr 2015 22:48:00 +0200, Ralf G. R. Bergs <Ralf at bergs.biz>
wrote:
> Hi Norvald.
>
> Thanks for your reply.
>
> On 13.04.2015 15:26, Norvald H. Ryeng wrote:
>
>>> Thanks. But I was hoping that you guys documented somewhere which
>>> improvements (if any) you might have performed compared to the original
>>> "factory" default config. So that I can sell this as an "extra" to our
>>> security guys who are asking for what kind of hardening Debian do...
>>
>> It depends on what you mean by factory default.
>
> With factory default I mean everything that defines the behavior of the
> product "as per the factory," i. e. both hard-coded defaults in the code
> and config.
>
> Example: Oracle have certain defaults hard-coded in the code, and you
> change them to make MySQL safer. That would be /one/ facet of what I'm
> after.
There are a few changes to compiled-in defaults, but nothing security
related.
MySQL in Debian is linked with libwrap, while upstream isn't.
>
> Another example: Oracle deliver a factory my.cnf, and you enhance it by
> making permissions tighter. That would be another thing that would be
> interesting for me.
They're pretty much the same.
Regards,
Norvald
More information about the pkg-mysql-maint
mailing list