aboutsummaryrefslogtreecommitdiffstats
path: root/docs
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2009-08-18 11:01:16 +0000
committerlpsolit%gmail.com <>2009-08-18 11:01:16 +0000
commitd747fb6ff7493acf3c60ca71441caa18a31127ee (patch)
treede5a9425ed07e54e7a6b8128a586f4219f0f310f /docs
parent9ced0509261dacaa617c39d32ed2c2a4297f0cb2 (diff)
downloadbugs-d747fb6ff7493acf3c60ca71441caa18a31127ee.tar
bugs-d747fb6ff7493acf3c60ca71441caa18a31127ee.tar.gz
bugs-d747fb6ff7493acf3c60ca71441caa18a31127ee.tar.bz2
bugs-d747fb6ff7493acf3c60ca71441caa18a31127ee.tar.xz
bugs-d747fb6ff7493acf3c60ca71441caa18a31127ee.zip
Bug 510496: Recommend the admin to run mysql_secure_installation rather than playing with command lines - Patch by Frédéric Buclin <LpSolit@gmail.com> r=dkl
Diffstat (limited to 'docs')
-rw-r--r--docs/en/xml/glossary.xml3
-rw-r--r--docs/en/xml/installation.xml28
-rw-r--r--docs/en/xml/security.xml91
3 files changed, 23 insertions, 99 deletions
diff --git a/docs/en/xml/glossary.xml b/docs/en/xml/glossary.xml
index 5b6d1a6e7..127b94038 100644
--- a/docs/en/xml/glossary.xml
+++ b/docs/en/xml/glossary.xml
@@ -306,8 +306,7 @@
<varlistentry>
<term><ulink url="http://www.mysql.com/doc/en/Privilege_system.html">Privilege System</ulink></term>
<listitem>
- <para>Much more detailed information about the suggestions in
- <xref linkend="security-mysql"/>.
+ <para>Information about how to protect your MySQL server.
</para>
</listitem>
</varlistentry>
diff --git a/docs/en/xml/installation.xml b/docs/en/xml/installation.xml
index c14e69819..7ae08a5a8 100644
--- a/docs/en/xml/installation.xml
+++ b/docs/en/xml/installation.xml
@@ -1,5 +1,5 @@
<!-- <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"> -->
-<!-- $Id: installation.xml,v 1.170 2009/08/13 21:43:13 lpsolit%gmail.com Exp $ -->
+<!-- $Id: installation.xml,v 1.171 2009/08/18 11:01:17 lpsolit%gmail.com Exp $ -->
<chapter id="installing-bugzilla">
<title>Installing Bugzilla</title>
@@ -735,9 +735,23 @@
<caution>
<para>
- MySQL's default configuration is very insecure.
- <xref linkend="security-mysql"/> has some good information for
- improving your installation's security.
+ MySQL's default configuration is insecure.
+ We highly recommend to run <filename>mysql_secure_installation</filename>
+ on Linux or the MySQL installer on Windows, and follow the instructions.
+ Important points to note are:
+ <orderedlist>
+ <listitem>
+ <para>Be sure that the root account has a secure password set.</para>
+ </listitem>
+ <listitem>
+ <para>Do not create an anonymous account, and if it exists, say "yes"
+ to remove it.</para>
+ </listitem>
+ <listitem>
+ <para>If your web server and MySQL server are on the same machine,
+ you should disable the network access.</para>
+ </listitem>
+ </orderedlist>
</para>
</caution>
@@ -745,11 +759,11 @@
<title>Allow large attachments and many comments</title>
<para>By default, MySQL will only allow you to insert things
- into the database that are smaller than 64KB. Attachments
+ into the database that are smaller than 1MB. Attachments
may be larger than this. Also, Bugzilla combines all comments
on a single bug into one field for full-text searching, and the
- combination of all comments on a single bug are very likely to
- be larger than 64KB.</para>
+ combination of all comments on a single bug could in some cases
+ be larger than 1MB.</para>
<para>To change MySQL's default, you need to edit your MySQL
configuration file, which is usually <filename>/etc/my.cnf</filename>
diff --git a/docs/en/xml/security.xml b/docs/en/xml/security.xml
index f1835a333..61bc5b179 100644
--- a/docs/en/xml/security.xml
+++ b/docs/en/xml/security.xml
@@ -1,5 +1,5 @@
<!-- <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"> -->
-<!-- $Id: security.xml,v 1.19 2008/05/21 00:01:04 lpsolit%gmail.com Exp $ -->
+<!-- $Id: security.xml,v 1.20 2009/08/18 11:01:18 lpsolit%gmail.com Exp $ -->
<chapter id="security">
<title>Bugzilla Security</title>
@@ -80,96 +80,7 @@
</section>
</section>
-
-
-
- <section id="security-mysql">
- <title>MySQL</title>
-
- <section id="security-mysql-account">
- <title>The MySQL System Account</title>
-
- <para>As mentioned in <xref linkend="security-os-accounts"/>, the MySQL
- daemon should run as a non-privileged, unique user. Be sure to consult
- the MySQL documentation or the documentation that came with your system
- for instructions.
- </para>
- </section>
-
- <section id="security-mysql-root">
- <title>The MySQL <quote>root</quote> and <quote>anonymous</quote> Users</title>
-
- <para>By default, MySQL comes with a <quote>root</quote> user with a
- blank password and an <quote>anonymous</quote> user, also with a blank
- password. In order to protect your data, the <quote>root</quote> user
- should be given a password and the anonymous user should be disabled.
- </para>
-
- <example id="security-mysql-account-root">
- <title>Assigning the MySQL <quote>root</quote> User a Password</title>
-
- <screen>
-<prompt>bash$</prompt> mysql mysql
-<prompt>mysql&gt;</prompt> UPDATE user SET password = password('<replaceable>new_password</replaceable>') WHERE user = 'root';
-<prompt>mysql&gt;</prompt> FLUSH PRIVILEGES;
- </screen>
- </example>
-
- <example id="security-mysql-account-anonymous">
- <title>Disabling the MySQL <quote>anonymous</quote> User</title>
- <screen>
-<prompt>bash$</prompt> mysql -u root -p mysql <co id="security-mysql-account-anonymous-mysql"/>
-<prompt>Enter Password:</prompt> <replaceable>new_password</replaceable>
-<prompt>mysql&gt;</prompt> DELETE FROM user WHERE user = '';
-<prompt>mysql&gt;</prompt> FLUSH PRIVILEGES;
- </screen>
- <calloutlist>
- <callout arearefs="security-mysql-account-anonymous-mysql">
- <para>This command assumes that you have already completed
- <xref linkend="security-mysql-account-root"/>.
- </para>
- </callout>
- </calloutlist>
- </example>
-
- </section>
-
- <section id="security-mysql-network">
- <title>Network Access</title>
-
- <para>If MySQL and your web server both run on the same machine and you
- have no other reason to access MySQL remotely, then you should disable
- the network access. This, along with the suggestion in
- <xref linkend="security-os-ports"/>, will help protect your system from
- any remote vulnerabilities in MySQL.
- </para>
-
- <example id="security-mysql-network-ex">
- <title>Disabling Networking in MySQL</title>
-
- <para>Simply enter the following in <filename>/etc/my.cnf</filename>:
- <screen>
-[mysqld]
-# Prevent network access to MySQL.
-skip-networking
- </screen>
- </para>
- </example>
-
- </section>
-
-<!-- For possible addition in the future: How to better control the bugs user
- <section id="security-mysql-bugs">
- <title>The bugs User</title>
-
- </section>
--->
-
- </section>
-
-
-
<section id="security-webserver">
<title>Web server</title>