MySQL Server is the most popular database on the planet: it is stable, free, well documented and has wide community support. But what about its security? The database is reasonably secure by default, but it needs some configuration to ensure that it is safe.
We will begin by installing it on a fresh server:
sudo apt-get install mysql-server
or, with yum:
sudo yum install mysql-server
/etc/init.d/mysqld start
The second thing to do is to run the "mysql_secure_installation" script that comes with MySQL.
This setup will take you through a series of steps.
First, you’ll need to enter the root password to connect to your database.
The first question asks whether you want to change the root password; because you just set it, enter n for no.
Then it will ask a series of questions, such as whether to remove anonymous users and whether to remove the information table; press ENTER to accept the default response.
The MySQL configuration file is called "my.cnf" and is located in "/etc/mysql/" or "/etc/".
cd /etc/mysql/
sudo nano my.cnf
Search for bind-address and make sure the IP is set to your local loopback network device, which is "127.0.0.1":
bind-address = 127.0.0.1
This makes sure that MySQL will not accept any remote connection from other IPs.
In the same file we will add one more line to disable the ability to load local files, which is sometimes used in advanced SQL injection.
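The post names both settings but gives no way to verify them, so here is an added example (not code from the original post) that audits a my.cnf for them: bind-address on the loopback address, and the local-file loading option, which MySQL calls local-infile (the option name is not spelled out in the post), set to 0. The two sample configs it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): audit one my.cnf for the two settings
# discussed above. Files pulled in via !includedir are not followed; check each one.

# Print the last value of an option in the [mysqld] section; exit 1 if absent.
# MySQL treats '-' and '_' in option names as equal, so both forms match, and an
# option given without '=' (a bare "local_infile" line) prints an empty value.
mysqld_option() {
    awk -v want="$(printf '%s' "$2" | tr '_' '-')" '
        /^[ \t]*\[/ { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
        in_mysqld && !/^[ \t]*[#;]/ {
            line = $0; sub(/[ \t]*#.*$/, "", line)       # drop trailing comment
            n = split(line, kv, "=")
            key = kv[1]; gsub(/[ \t]/, "", key); gsub(/_/, "-", key)
            if (key == want) {
                val = (n > 1) ? kv[2] : ""
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                last = val; found = 1
            }
        }
        END { if (found) print last; exit (found ? 0 : 1) }' "$1"
}

# Report both findings; return 0 only when the file passes both checks.
audit_mycnf() {
    rc=0
    bind=$(mysqld_option "$1" bind-address) || bind=""
    case "$bind" in
        127.0.0.1|localhost) echo "ok:   bind-address=$bind" ;;
        *) echo "FAIL: bind-address is '${bind:-unset}' (unset = all interfaces)"; rc=1 ;;
    esac
    if li=$(mysqld_option "$1" local-infile); then
        case "$li" in
            0|OFF|off) echo "ok:   local-infile=$li" ;;
            *) echo "FAIL: local-infile='${li:-on}' allows LOAD DATA LOCAL INFILE"; rc=1 ;;
        esac
    else
        echo "FAIL: local-infile unset (default varies by version); add local-infile=0"; rc=1
    fi
    return $rc
}

# Two constructed sample configs (not taken from any real server).
WEAK_CNF=$(mktemp); HARD_CNF=$(mktemp)
printf '%s\n' '[client]' 'port = 3306' '[mysqld]' 'user = mysql' \
    'bind-address = 0.0.0.0    # reachable from any host' 'local_infile' > "$WEAK_CNF"
printf '%s\n' '[mysqld]' 'user = mysql' 'bind-address = 127.0.0.1' 'local-infile = 0' > "$HARD_CNF"
for f in "$WEAK_CNF" "$HARD_CNF"; do
    audit_mycnf "$f" && echo "$f: PASS" || echo "$f: FAIL"
done
```

Running it prints one ok/FAIL line per setting for each file; the weak sample fails both checks and the hardened sample passes both.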
MySQL security recommendations:
There are some security recommendations for MySQL; we will go through them quickly.
1- Change the root username
In the MySQL console type:
RENAME USER 'root'@'localhost' TO 'newAdminUser'@'localhost';
Note: you can access the MySQL console by typing mysql -u USERNAME -p, then hit ENTER, enter your password and hit ENTER again.
2- Use a different user for every database, with limited privileges
When you create a new database:
CREATE DATABASE ExampleDB;
create a new user for it:
CREATE USER 'exampleuser'@'localhost' IDENTIFIED BY 'password';
and grant the new user privileges on the new database:
GRANT SELECT, UPDATE, DELETE ON ExampleDB.* TO 'exampleuser'@'localhost';
Now the user exampleuser has only SELECT, UPDATE and DELETE permissions on the database ExampleDB, so even if this account is compromised no other database can be damaged.
Finally, don't run any installation with its defaults; always look for tuning or security hints, because every default installation is kept general so that it works in every situation. Customize it and secure it.