News, tips, partners, and perspectives for the Oracle Solaris operating system

Securing MySQL (part 1 of 2)

Guest Author

You finished the development phase of your Web project, and you are now
heading to production. This means that your web-site will be
soon on-line, visible on the Internet, and may become a potential
target for attacks.

During development, you have been using
MySQL on your laptop, and since you are the only one accessing your
laptop you used the default configuration as-is. You are perfectly
right in doing that, in fact MySQL is pretty secure by default, but
here are a set of post-installation best practices to bring MySQL
security to the next level.

1) Set a password for the root
account. Note that by "root account" I don't mean the super-user of the
operating system, but the super-user of MySQL itself:
$ mysql ­-u root mysql
mysql> SET PASSWORD FOR root@localhost=PASSWORD('new_password');

2) If they exist, remove the MySQL anonymous account - or assign a password to it - and the test database. The anonymous user has limited privileges and should only be able to access the test database. Yet, the test database could be filled with unnecessary data that would consume disk space

mysql> DROP DATABASE test;
Query OK, 0 rows affected (0.07 sec)
mysql> DELETE FROM mysql.user WHERE User='';
Query OK, 0 rows affected (0.00 sec)

3) The mysql_secure_installation script does all of the above for you

If you need remote access to MySQL, if possible limit the remote
access to a specific host. Do this by assigning the IP address of the
host to the bind-address option in the my.cnf file located in /etc/mysql. If you want to limit the access to the local host, set the skip-networking option in my.cnf

I will be posting more on that soon. Stay tune...

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.