General Security Configuration
Introduction: During CUBRID installation, the security issues to think about first can be largely divided into network port issue and user account issue. This chapter describes these issues and relevant configuration.
Table of Contents
- Configuring CUBRID Network
- CUBRID Network Port
- Installing Firewall
- Installing Firewall for Windows
- Installing Firewall for Linux
- CUBRID users
- CUBRID Manager Users
- Database Users
CUBRID network ports can be largely divided into three as follows:
CUBRID database-related port (default 1523)
Manager-related port (default 8001, 8002)
3) Broker-related port (default 30000, 33000)
If there is no need for remote management or connection to the database server or there is no firewall installed on the server or the client to connect, it is not necessary to open the above ports. However, if there is remote management or connection to the database server and firewall is running on the server, an appropriate port setting in the firewall is required to allow connecting to the port as follows:
In the [Network], select [Windows Firewall] > [Change Setting] to add an exception setting for the CUBRID-related ports. For Windows, you have to open all ports used. After installing CUBRID, the ports from 30000 to 30100 and from 33000 to 33100 must be open. For more information, see "CUBRID Administrator's Guide."
Note: CUBRID opens one port from 30001 to 30100 and from 33000 to 33100 for each server application defined by the MIN_NUM_APPL_SERVER and MAX_NUM_APPL_SERVER values in cubrid_broker.conf. You can check these open ports using the "netstat -an" command.
Figure 1. Installing Firewall for Windows
Figure 2. Adding and Editing Exceptional Port
Add the configuration of CUBRID-related ports in the /etc/sysconfig/iptables.
Figure 3. Installing Firewall for Linux
If you connect to the database by using the CUBRID Manager after CUBRID installation, the initial user ID and password are admin/admin. Use them only for the first connection, but you must change the password immediately as you want for security.
After login, go to Tools > Managing CUBRID Manager Users and change your password and set up authority.
Figure 4. Changinge admin password in the CUBRID Manager
Each database created in the CUBRID has its own user management system. For each database, default user, i.e. dba and public are created and they cannot be arbitrarily deleted. The initial password of a user, i.e. dba or public is NULL. For safe database use, change their passwords as shown below. (For user management, log into a database as a dba user without a password. Normal operation is possible only when database is running.)
Figure 5. The First Database User Login
Figure 6. User Management of a Running Database
To change a password in the CUBRID manager, go to General User Information.
Figure 7. Changing Password of Database User
If you install an application such as Zeroboard or Gnuboard or if you develop an application, make sure to secure effective authority management and also security by creating a new database user.
Figure 8. Adding a New Database User in the CUBRID Manager