Difference between revisions of "Secure your mysql"

From mx Help Wiki
(New page: == Securing MySQL == (the following instructions were copied almost verbatim from http://www.securityfocus.com/infocus/1726) '''Change admin password''' Changing the database administr...)
 
m
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
 
== Securing MySQL ==
 
== Securing MySQL ==
  
(the following instructions were copied almost verbatim from http://www.securityfocus.com/infocus/1726)
+
(the following instructions adapted from http://www.securityfocus.com/infocus/1726)
  
 
'''Change admin password'''
 
'''Change admin password'''
Line 8: Line 7:
 
Changing the database administrator's password (empty by default). First run MySQL (if it is not already):
 
Changing the database administrator's password (empty by default). First run MySQL (if it is not already):
  
chrootuid /chroot/mysql mysql /usr/local/mysql/libexec/mysqld &
+
yourterminal$ mysql -u root -p
 
+
and change the administrator's password as follows:
+
 
+
/usr/local/mysql/bin/mysql -u root
+
mysql> SET PASSWORD FOR root@localhost=PASSWORD('new_password');
+
 
+
It is good practice not to change passwords from the command line, for example, by using the "mysqladmin password" command. This is especially important when other users work on the server. In that case the password could be easily revealed, e.g. by using the "ps aux" command or reviewing history files (~/.history, ~/.bash_history etc), when improper access rights are set to them.
+
  
'''Remove default users/db'''
+
when prompted for a password leave it blank (i.e., just hit 'return')
  
Next, we must remove the sample database (test) and all accounts except the local root account:
+
then change the administrator's password as follows:
  
  mysql> drop database test;
+
  mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('yournewpaswd');
mysql> use mysql;
+
mysql> delete from db;
+
mysql> delete from user where not (host="localhost" and user="root");
+
mysql> flush privileges;
+
  
This will prevent the database from establishing anonymous connections and -- irrespective of the skip-networking parameter in /chroot/mysql/etc/my.cnf -- remote connections as well.
+
But replace yournewpaswd (keep the single quotes in there though) with a password that '''you will not forget'''.
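Review bot: The removed lines under "Remove default users/db" (drop database test, delete from db, delete from user where not (host="localhost" and user="root"), flush privileges) have no replacement on the added side, so the page now stops at the root password and no longer covers the sample database or the anonymous and remote accounts. Suggest keeping that section, or saying why it was dropped. The paragraph warning that "mysqladmin password" can leak the password through "ps aux" and history files is also removed and is worth keeping. The first step now shows the client command (mysql -u root -p) under a sentence that still reads "First run MySQL (if it is not already)", so the sentence and the command no longer match. The placeholder 'yournewpaswd' is misspelled.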

Latest revision as of 16:38, 19 January 2007

Securing MySQL

(the following instructions adapted from http://www.securityfocus.com/infocus/1726)

Change admin password

Change the database administrator's password (empty by default). First run MySQL (if it is not already running) and connect as root:

yourterminal$ mysql -u root -p

When prompted for a password, leave it blank (i.e., just hit 'return').

Then change the administrator's password as follows:

mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('yournewpaswd');

Replace yournewpaswd (keeping the single quotes) with a password that you will not forget.
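The statement above matches the MySQL versions current when this page was written. The following is an added example, not part of the original wiki page: it shows the same password change on MySQL 5.7.6 or later (an assumption about your server), where PASSWORD() is deprecated and then removed in 8.0, with a before-and-after check of which accounts still have no password.

```sql
-- Added example; run inside the mysql client while connected as root.
-- Assumes MySQL 5.7.6 or later, where mysql.user stores the hash in
-- authentication_string (older servers used a Password column instead).

-- 1. Before: list every account and flag the ones with no password hash.
--    An empty user name is an anonymous account.
--    Note: an account using a socket-based plugin (e.g. auth_socket) also
--    shows an empty hash, so read empty_password together with plugin.
SELECT user,
       host,
       plugin,
       (user = '')                              AS anonymous,
       (COALESCE(authentication_string, '') = '') AS empty_password
FROM mysql.user
ORDER BY user, host;

-- 2. Change the administrator's password.
--    Replace yournewpaswd (the page's placeholder) and keep the quotes.
ALTER USER 'root'@'localhost' IDENTIFIED BY 'yournewpaswd';

-- 3. After: root@localhost should now report empty_password = 0.
SELECT user,
       host,
       plugin,
       (COALESCE(authentication_string, '') = '') AS empty_password
FROM mysql.user
WHERE user = 'root';

-- 4. Confirm which account this session is authenticated as.
SELECT CURRENT_USER();
```

Any other row that still shows empty_password = 1 or anonymous = 1 after step 3 is an account the password change did not cover.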
