MySQL general security guidelines. Part 2.
Securing MySQL Against Attackers
The password is encrypted when you connect to the MySQL server, and as of MySQL 4.1.1 this mechanism is very secure. If you are still running an earlier version of MySQL, it is advisable to upgrade, because the older scheme lets attackers crack your password quite easily. For those using MySQL Enterprise, the Enterprise Monitor enforces best practices for the maximum security of the MySQL server.
Everything other than the password is transferred unencrypted, as plain text, and can be read by anyone able to observe the traffic. If this concerns you, use the compressed protocol, which makes the traffic harder to read. You can also use MySQL's internal SSL support to make the connection even more secure, or use SSH to get an encrypted TCP/IP connection between a MySQL server and a MySQL client (see http://www.openssh.org/ for an Open Source SSH client).
Consider the following in order to improve your MySQL security:
- Require all MySQL accounts to have a password.
- Never run the MySQL server as the Unix root user - mysqld should be run as an ordinary, unprivileged user.
- Do not allow the use of symlinks to tables.
- Make sure that the only Unix user with read or write privileges in the database directories is the user that mysqld runs as.
- Do not grant the PROCESS or SUPER privilege to non-administrative users.
- Do not grant the FILE privilege to non-administrative users.
- Use IP numbers rather than hostnames in the grant tables.
- Restrict the number of connections allowed to a single account - by setting the max_user_connections variable in mysqld…
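As an added example (not code from the original post or from MySQL itself), the script below audits the points above offline: it reads a `[mysqld]` section of my.cnf and a tab-separated snapshot of `mysql.user`, and reports which guidelines are not met. Both inputs are constructed samples; the column names follow the pre-5.7 `mysql.user` layout (`Password`, `Process_priv`, `Super_priv`, `File_priv`), and the set of administrative accounts is an assumption you would adjust for your server. The `skip-name-resolve` check goes slightly beyond the list: it is the server option that forces Host values to be matched as IP addresses instead of DNS names.

```python
"""Offline audit of the MySQL hardening points from the list above.

Added example, not from the original post. Inputs are constructed samples.
"""
import configparser
import csv
import io
import ipaddress

# Constructed my.cnf fragment showing the weak settings the post warns about.
WEAK_MY_CNF = """
[mysqld]
user = root
max_connections = 100
"""

# Constructed hardened counterpart: unprivileged user, no table symlinks,
# IP-only host matching, a per-account connection cap and SSL material.
HARDENED_MY_CNF = """
[mysqld]
user = mysql
skip-symbolic-links
skip-name-resolve
max_user_connections = 10
ssl-ca = /etc/mysql/ca.pem
ssl-cert = /etc/mysql/server-cert.pem
ssl-key = /etc/mysql/server-key.pem
"""

# Constructed snapshot, equivalent to the output of:
#   SELECT User, Host, Password, Process_priv, Super_priv, File_priv FROM mysql.user
USER_SNAPSHOT = """User\tHost\tPassword\tProcess_priv\tSuper_priv\tFile_priv
root\tlocalhost\t*81F5E21E35407D884A6CD4A731AEBFB6AF209E1B\tY\tY\tY
app\t10.0.0.5\t*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19\tN\tN\tN
report\tdb.example.internal\t\tY\tN\tN
backup\t%\t*81F5E21E35407D884A6CD4A731AEBFB6AF209E1B\tN\tN\tY
"""

# Assumed set of accounts allowed to hold PROCESS, SUPER and FILE.
ADMIN_ACCOUNTS = {"root"}


def audit_config(my_cnf_text):
    """Return findings for the [mysqld] section of a my.cnf text."""
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    cp.read_string(my_cnf_text)
    s = cp["mysqld"] if cp.has_section("mysqld") else {}
    findings = []
    if s.get("user") in (None, "root"):
        findings.append("mysqld user is root or not set; run as an unprivileged account")
    if "skip-symbolic-links" not in s and s.get("symbolic-links") != "0":
        findings.append("symbolic links to tables are allowed; add skip-symbolic-links")
    if int(s.get("max_user_connections", "0") or 0) <= 0:
        findings.append("max_user_connections not set; per-account connections are unlimited")
    if "skip-name-resolve" not in s:
        findings.append("skip-name-resolve not set; client addresses are resolved via DNS for Host matching")
    if not any(k in s for k in ("ssl-ca", "ssl-cert", "ssl-key")):
        findings.append("no SSL certificate configured; client traffic is plaintext")
    return findings


def host_kind(host):
    """Classify a mysql.user Host value: 'local', 'ip', 'wildcard' or 'hostname'."""
    if host == "localhost":
        return "local"
    if "%" in host or "_" in host:  # both are pattern characters in Host
        return "wildcard"
    try:
        for part in host.split("/", 1):  # allow the "ip/netmask" form
            ipaddress.ip_address(part)
        return "ip"
    except ValueError:
        return "hostname"


def audit_users(snapshot_tsv, admin_accounts=ADMIN_ACCOUNTS):
    """Return findings for a tab-separated mysql.user snapshot."""
    findings = []
    for row in csv.DictReader(io.StringIO(snapshot_tsv), delimiter="\t"):
        acct = f"'{row['User']}'@'{row['Host']}'"
        if row["Password"] == "":
            findings.append(f"{acct}: empty password")
        kind = host_kind(row["Host"])
        if kind == "hostname":
            findings.append(f"{acct}: Host is a DNS name; use an IP address")
        elif kind == "wildcard":
            findings.append(f"{acct}: Host is a wildcard pattern")
        if row["User"] not in admin_accounts:
            for col, priv in (("Process_priv", "PROCESS"), ("Super_priv", "SUPER"), ("File_priv", "FILE")):
                if row[col] == "Y":
                    findings.append(f"{acct}: non-administrative account holds {priv}")
    return findings


if __name__ == "__main__":
    for finding in audit_config(WEAK_MY_CNF) + audit_users(USER_SNAPSHOT):
        print("-", finding)
```

Running it against the weak config and the sample snapshot prints five configuration findings and five account findings (the empty-password reporting account on a DNS-named host with PROCESS, and the backup account on a wildcard host with FILE); the hardened config produces none. To use it on a real server, paste your `[mysqld]` section and the tab-separated output of the `SELECT` shown in the comment.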