Difference between revisions of "Secure your mysql"

From mx Help Wiki
m
(Securing MySQL)
Line 1: Line 1:
 
== Securing MySQL ==
 
== Securing MySQL ==
  
(the following instructions were copied almost verbatim from http://www.securityfocus.com/infocus/1726)
+
(the following instructions adapted from http://www.securityfocus.com/infocus/1726)
  
 
'''Change admin password'''
 
'''Change admin password'''
Line 7: Line 7:
 
Changing the database administrator's password (empty by default). First run MySQL (if it is not already):
 
Changing the database administrator's password (empty by default). First run MySQL (if it is not already):
  
chrootuid /chroot/mysql mysql /usr/local/mysql/libexec/mysqld &
+
yourterminal$ mysql -u root -p
  
and change the administrator's password as follows:
+
when prompted for a password leave it blank (i.e., just hit 'return')
  
/usr/local/mysql/bin/mysql -u root
+
then change the administrator's password as follows:
mysql> SET PASSWORD FOR root@localhost = PASSWORD('new_password');
+
  
It is good practice not to change passwords from the command line, for example, by using the "mysqladmin password" command. This is especially important when other users work on the server. In that case the password could be easily revealed, e.g. by using the "ps aux" command or reviewing history files (~/.history, ~/.bash_history etc), when improper access rights are set to them.
+
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('yournewpaswd');
  
'''Remove default users/db'''
+
But replace yournewpaswd (keep the single quotes in there though) with a password that '''you will not forget'''.
 
+
Next, we must remove the sample database (test) and all accounts except the local root account:
+
 
+
mysql> drop database test;
+
mysql> use mysql;
+
mysql> delete from db;
+
mysql> delete from user where not (host="localhost" and user="root");
+
mysql> flush privileges;
+
 
+
This will prevent the database from establishing anonymous connections and -- irrespective of the skip-networking parameter in /chroot/mysql/etc/my.cnf -- remote connections as well.
+
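Review bot: The paragraph advising against setting the password from the command line (the "mysqladmin password" note about "ps aux" and shell history files) is not in the resulting revision shown below, so the new text loses the stated reason for running SET PASSWORD inside the client; keep that paragraph after the new SET PASSWORD FOR 'root'@'localhost' line. The closing sentence also still points at /chroot/mysql/etc/my.cnf although the chrootuid /chroot/mysql start command was replaced by mysql -u root -p, so either generalize the path or state the chroot assumption.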

Revision as of 16:27, 19 January 2007

Securing MySQL

(the following instructions adapted from http://www.securityfocus.com/infocus/1726)

Change admin password

Change the database administrator's password (empty by default). First run MySQL (if it is not already running):

yourterminal$ mysql -u root -p

When prompted for a password, leave it blank (i.e., just hit 'return').

Then change the administrator's password as follows:

mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('yournewpaswd');

Replace yournewpaswd (keeping the single quotes) with a password that you will not forget.
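
A check for the "empty by default" condition described above, as an added example that is not part of the original wiki page. The function name audit_mysql_accounts and the sample rows are constructed, and the query in the comment assumes the Host, User and Password columns of the mysql.user table in MySQL 5.x (newer versions keep the hash in authentication_string).

```shell
#!/bin/sh
# Added example (not from the wiki page): flag MySQL accounts that still have
# an empty password or an empty (anonymous) user name.
# Input: tab-separated Host, User, Password rows, e.g. from (assumed, MySQL 5.x
# column names):
#   mysql -u root -p -N -B -e 'SELECT Host, User, Password FROM mysql.user'
# Output: one finding per line. Exit status 1 if anything was flagged, else 0.
audit_mysql_accounts() {
    awk -F '\t' '
        NF < 2 { next }                  # skip blank or malformed rows
        {
            host = $1; user = $2; hash = $3
            if (user == "") { print "ANONYMOUS " user "@" host; bad = 1 }
            if (hash == "") { print "EMPTY_PASSWORD " user "@" host; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: a fresh install, before the password change.
sample_before() {
    printf 'localhost\troot\t\n'
    printf 'localhost\t\t\n'
}

# Constructed sample: after SET PASSWORD for root@localhost. The hash is a
# made-up placeholder, not a real password hash.
sample_after() {
    printf 'localhost\troot\t*0000000000000000000000000000000000000000\n'
}

# Demo run on the constructed "before" rows.
sample_before | audit_mysql_accounts || echo "accounts need attention"
```

Against a live server, pipe the output of the query in the comment into audit_mysql_accounts after the password change; an empty result with exit status 0 means no account is left without a password.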
