Secure existing MySQL installation

MySQL is a free, easy-to-use database server that supports multiple databases and tables, and allows clients to query them with SQL. This cheat-sheet shows how to secure MySQL in a few simple steps.

Change MySQL root password

The first step in securing MySQL is to change the database superuser password, which is empty by default:

mysql> UPDATE mysql.user SET Password=PASSWORD('pa$$w0rD') WHERE User='root';

Remove unneeded databases and users

Next, remove the test database:

mysql> DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
mysql> DROP DATABASE test;

and users:

mysql> DELETE FROM mysql.user WHERE User='root' AND Host != 'localhost';
mysql> DELETE FROM mysql.user WHERE user = '';

Finally, reload the MySQL privilege information so that the changes above take effect:

mysql> FLUSH PRIVILEGES;

Improve local security

The MySQL config file contains several directives that can help to avoid some types of attacks. Open it and change the following values in the [mysqld] section:

bind-address=127.0.0.1
local-infile=0
# avoid some Denial of Service attacks
max_user_connections=256
max_connect_errors=4

bind-address
Makes MySQL listen for TCP/IP connections only locally, on the loopback interface.

local-infile
Prevents unauthorized reading from local files, which is useful against SQL injection attacks.

max_user_connections
The maximum number of simultaneous connections allowed for a single user.

max_connect_errors
Block a host after this many unsuccessful connection attempts. This is especially helpful against a dictionary-based password attack. You can unblock blocked hosts with the FLUSH HOSTS statement.
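To check an existing config file against the four directives above, the following added example (not part of the original cheat-sheet) parses the [mysqld] section and reports missing or weak settings. The function names, the acceptance thresholds and the sample config are assumptions made for illustration.

```python
import re

# Acceptance rules for the [mysqld] options discussed above. Assumption:
# the page's values (256 and 4) are treated as upper bounds; 0 means "no limit".
CHECKS = {
    "bind_address": lambda v: v in ("127.0.0.1", "::1", "localhost"),
    "local_infile": lambda v: v.lower() in ("0", "off", "false"),
    "max_user_connections": lambda v: v.isdigit() and 0 < int(v) <= 256,
    "max_connect_errors": lambda v: v.isdigit() and 0 < int(v) <= 4,
}

def parse_mysqld(text):
    """Return {option: value} for the [mysqld] section; later lines win."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' may start a comment mid-line
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "mysqld":
            continue
        key, _, value = line.partition("=")
        # MySQL treats '-' and '_' in option names as equivalent.
        key = key.strip().lower().replace("-", "_")
        opts[key] = value.strip().strip("'\"")
    return opts

def audit(text):
    """Return sorted (option, problem) findings for the text of a my.cnf."""
    opts = parse_mysqld(text)
    no_tcp = opts.get("skip_networking", "0").lower() in ("", "1", "on", "true")
    findings = []
    for name, is_ok in CHECKS.items():
        if name == "bind_address" and no_tcp:
            continue                      # no TCP/IP listener at all
        if name not in opts:
            findings.append((name, "not set"))
        elif not is_ok(opts[name]):
            findings.append((name, "weak value: %r" % opts[name]))
    return sorted(findings)

# Constructed sample: a bare "local-infile" enables the feature, and the
# [client] section must not be mistaken for server settings.
SAMPLE = "[client]\nbind-address=127.0.0.1\n[mysqld]\nbind_address = 0.0.0.0\n" \
         "local-infile\nmax_user_connections=256   # per-user cap\n"

if __name__ == "__main__":
    for option, problem in audit(SAMPLE):
        print(option, "->", problem)
```

An empty result from audit() means all four directives are present in [mysqld] with values at least as strict as those shown above.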

Install a database firewall

GreenSQL is an open source database firewall used to protect databases from SQL injection attacks. It works as a proxy and has built-in support for MySQL. Its logic is based on evaluating SQL commands with a risk scoring matrix, as well as blocking known database administrative commands (DROP, CREATE, etc.).

2009-12-17 16:13:28