Following up on this entry, here are some more best practices to secure MySQL in a production environment.
But
before moving forward, let me pay credit to Lenz Grimmer who helped me to put this information together.
After setting a password for the MySQL root account and removing the test database and anonymous account you can also limit the remote access to MySQL to a specific host. You do this by setting the bind-address attribute in the /etc/mysql/my.cnf file to the host ip-address:
bind-address=ip-address
If you set bind-address to 127.0.0.1, which is the loopback address, then MySQL only accepts connections from the host where it runs.
If you uncomment skip-networking in my.cnf MySQL only accepts connection from the Unix socket domain: the result is similar to setting bind-address ot 127.0.0.1: MySQL only accepts connection from the localhost.
Becoming even more secure, restrict access to the mysql.user
table to the root user so that no one else can grant access to new
users (as a reminder, only users listed in this table can actually
connect to MySQL). Use "SELECT * FROM mysql.user" to obtain the list of MySQL users, and use "SHOW GRANTS [FOR user]" to see a user privileges.
Oct 17 2009, by Thierry Manfe
| Comments[0]
Share
