We will secure the MySQL installation by running mysql_secure_installation.
Enter the root password that we set on installation.
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Since we already have a root password set, answer this part with n.
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] n
Remove the anonymous user to improve security. This ensures that people and applications need a correct username and password to log in to MySQL. Answer with Y.
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
Remove anonymous users? [Y/n] Y
We also want to remove root login from remote machines. Answer with Y.
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y
Previously, the test database was created automatically by the MySQL installation, but MySQL 5.6 does not create a test database. We can still choose Y; it will throw an error, but that's fine.
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
... Failed! Not critical, keep moving...
- Removing privileges on test database...
The last step is to reload the MySQL privilege table.
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
Create a Database for mahara
Now that we have a secure MySQL installation, it's time to create a database and user for mahara itself.
Log in to MySQL using the root credentials.
$ mysql -u root -p
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 58
Server version: 5.6.30-0ubuntu0.14.04.1 (Ubuntu)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
Create a new database named mahara using the command below:
mysql> CREATE DATABASE mahara CHARACTER SET utf8 COLLATE utf8_general_ci;
Query OK, 1 row affected (0.00 sec)
Create a User for Mahara
The database for mahara is ready. Let's create a username and password and grant privileges on the mahara database.
Don't forget to replace the password mahara123secret below with a better password.
mysql> GRANT ALL PRIVILEGES ON `mahara`.* TO 'mahara'@'localhost' IDENTIFIED BY 'mahara123secret';
Query OK, 0 rows affected (0.00 sec)
We need to run the FLUSH PRIVILEGES command so that the privileges table will be reloaded by MySQL and we can use the new credentials.
Don't forget to replace mahara.exampleserver.xyz above with the domain name that you use for your mahara installation.
Enable the site using the a2ensite command.
$ sudo a2ensite mahara
Reload the apache2 process so it reads the new virtual host configuration:
$ sudo service apache2 reload
Move the mahara configuration file config-dist.php to config.php.
Open the config.php file.
Change the database configuration to reflect the database name and credentials we created earlier.
$cfg->dbtype = 'mysql';
$cfg->dbhost = 'localhost';
$cfg->dbport = null; // Change if you are using a non-standard port number for your database
$cfg->dbname = 'mahara';
$cfg->dbuser = 'mahara';
$cfg->dbpass = 'mahara123secret';
Change the dataroot configuration from:
$cfg->dataroot = '/path/to/uploaddir';
to:
$cfg->dataroot = '/var/www/mahara/uploaddir';
Set urlsecret and passwordsaltmain configuration
// $cfg->urlsecret = 'mysupersecret';
// $cfg->passwordsaltmain = 'some long random string here with lots of characters';
These two settings should be filled with random characters. You can use the two online services below to get random characters for the two values above.
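The values can also be generated on the server itself, so they never pass through a third party. The script below is an added example, not part of the original tutorial: it draws the database password, urlsecret and passwordsaltmain from /dev/urandom and checks a config.php for leftover placeholders. The function names and the 32-character minimum are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.

# gen_secret BYTES: hex-encode BYTES bytes read from the kernel CSPRNG.
# Hex needs no escaping in config.php, in the GRANT statement, or in a cron URL.
gen_secret() {
    head -c "$1" /dev/urandom | od -An -tx1 | tr -dc '0-9a-f'
}

# emit_secrets: print fresh config.php lines. The dbpass value must also be
# used in the GRANT ... IDENTIFIED BY statement for the mahara user.
emit_secrets() {
    printf "\$cfg->dbpass = '%s';\n" "$(gen_secret 24)"
    printf "\$cfg->urlsecret = '%s';\n" "$(gen_secret 16)"
    printf "\$cfg->passwordsaltmain = '%s';\n" "$(gen_secret 32)"
}

# check_config FILE: fail if a secret is unset, is one of the tutorial's
# placeholders, or is shorter than 32 characters (threshold is an assumption).
# Assumes the "$cfg->name = 'value';" layout shown in the tutorial.
check_config() {
    file=$1
    rc=0
    for key in dbpass urlsecret passwordsaltmain; do
        # Last uncommented assignment wins; commented lines start with "//".
        val=$(awk -v k="\$cfg->$key =" -F"'" \
            'index($0, k) == 1 { v = $2 } END { print v }' "$file")
        case $val in
            '')
                echo "$key: not set (missing or commented out)"; rc=1 ;;
            mahara123secret|mysupersecret|'some long random string'*)
                echo "$key: tutorial placeholder still in use"; rc=1 ;;
            *)
                [ "${#val}" -ge 32 ] || { echo "$key: under 32 characters"; rc=1; } ;;
        esac
    done
    return "$rc"
}

# Print a fresh set of values to paste into config.php.
emit_secrets
```

Run check_config against the finished config.php before the site goes live; it exits non-zero and names each setting that still needs a real value.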
Header always set Strict-Transport-Security "max-age=15768000"
# intermediate configuration, tweak to your needs
SSLProtocol all -SSLv2 -SSLv3
We will also disable the mahara HTTP-only virtual host and enable the new virtual host config.
Mahara has mail support, but we will not go through email settings in this tutorial. However, I strongly recommend using a third-party email service like Mailgun or Sendgrid for Mahara instead of setting up your own email server.
As the root user, add the crontab entry below. Please replace the somesecret value below with the urlsecret that you already changed when setting up Mahara.