When we install MariaDB on a dedicated server, there is more that we have to
worry about. Servers are almost always multiuser, so as part of server security, we
need to know who can log in and, most importantly, who has root or administrator
access. If we are the administrator of the machine, we can ensure that only those we
want to have access to the administrator or root account have it. If we're using MariaDB
on a machine that our IT department gave us access to, then we need to find out
who has access and what their rights are, if for no other reason than so that we know who
has sufficient rights on the server to make changes that could be harmful.
Building security
We come to building security by continuing out to the next ring. All the protection
inside the server won't do us any good if the server decides to take a walk at three
in the morning. Just as we secure the inside of the server, we need to secure the
outside too.
Firstly, where is the server located? Is it in a common area where anyone in the office
could get to it? This could be bad on a number of levels, the first being that someone
could accidentally or on purpose cut power to it. We can mitigate external power
outages to some extent by installing battery backup units and such, but someone with
physical access to the machine can easily get around that and cut power to our servers.
To its credit, MariaDB (when we use a transactional or crash-safe storage engine)
guards against losing or corrupting data in such cases, but at the very least, a surprise
power outage will disrupt every application that needs to talk to that database server.
If the server is in a locked room, we should find out who has access to the room.
Also consider the building. Most businesses and offices close at night (the building
or office is locked at closing time and opens again in the morning); however, this is
not true for all businesses. For example, what if the server is located in the manager's
office of a 24x7 supermarket and the door to that office is always open or unlocked?
If so, then we need to think about locking that door (automatically if people keep
forgetting to lock it), getting a small lockable server cage installed which is bolted
to the wall or floor, or coming up with some other way of securing the server.
An easy analogy is to treat a server like money. We use database servers to either save
money, generate income, or both, so the analogy is apt. If we would feel comfortable
leaving a large stack of money in the location our server is in, then it is probably a
pretty good place for our server (assuming there is power and adequate cooling).