This section describes some general security issues and what you can do to make
your MySQL database server installation more secure against attack or misuse. It is vital that
the host server, not just the database server portion, is well protected against all types of
applicable attacks, such as eavesdropping, altering, playback, and denial of service (DoS).
1. Do not ever give anyone access to the user table in the mysql database.
This is absolutely critical. Anyone who obtains the password that is listed in the user table
and has access to the host listed for that user account can log in as that user.
2. You should know and use the MySQL access privilege system. The GRANT and REVOKE statements
are used for controlling access to MySQL. You need to fully understand the user requirements
before allowing GRANT operations on a particular database or table. You should never grant more
privileges than necessary to complete the job. Never ever grant privileges to all hosts
(remote computers) indiscriminately without knowing the reasons and their requirements.
On a dedicated server, the best policy is to grant privileges only to the local host.
3. You need to make sure that root requires a password to log in. Try mysql -u root.
If you are able to connect successfully to the server without being asked for a password,
your database server is vulnerable. Anyone can connect to your MySQL server as the MySQL root
user with administrator privileges. This situation exists only immediately after a fresh
installation of the MySQL database server. As soon as the query engine functions, you should
change the root password. The TCP port 3306 should never be opened before a root password is secured.
4. Do not store any plain-text passwords in your database. If your computer becomes compromised,
the intruder can take the full list of passwords and use them. Instead, store only the output of
MD5(), SHA1(), or some other one-way hashing function which is irreversible.
5. Do not choose passwords from dictionaries. There are special programs and scripts to break them.
You should pick a name or pattern which is easy to remember, but very difficult or impossible for
anyone else to guess.
6. The database server needs to be deployed behind a firewall. You need to make sure that the firewall
service is active (/sbin/service --status-all to see firewall rules and open ports). This protects the
database server from possibly more than 90% of all types of exploits from remote computers trying to break in.
7. Scan all listening ports on your server (netstat -nl). MySQL uses port 3306 by default. If the
list of open ports includes ports that are not needed by the dedicated server, you need to
change the firewall setting to close each such port and disable all daemon services associated with it.
8. Do not trust any data entered by the users of your applications. They can try to trick your scripts by
entering special or escaped character sequences in Web forms, URLs, or whatever application you may have built.
You need to test for extreme or unlikely cases to make sure that your application remains secure even if a user
enters something like DROP DATABASE mysql, etc. Regarding security issues, you should always consider that
anything is possible. So check out and test the unexpected, or at least have a contingency plan in case of
a break-in or compromise.
9. Do not transmit plain (unencrypted) text data over the Internet. This information is accessible to anyone
who has the time and ability to intercept it and use it for their own purposes. Use an encrypted protocol
such as SSL or SSH instead. MySQL supports internal SSL connections. SSH port-forwarding can be used to
create an encrypted (and compressed) tunnel for the secure communication.
10. Make sure that all MySQL users require a password to log in. Each user is required to have the correct
user id, password, hostname or remote IP address, and database name. This restriction makes connecting
to the database using another user's account much more difficult, or impossible.
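
The checks in items 2, 3, 7 and 10 can be scripted. The following is an added example, not part of the original text: it flags accounts with no password or a wildcard host, and TCP listeners reachable from other machines. The account rows, the netstat output and the assumption that only port 22 is needed are all constructed for illustration.

```python
# Added audit sketch; all sample data below is constructed for illustration.
# (user, host, password hash) rows, as an administrator might export them
# from the user table in the mysql database.
SAMPLE_ACCOUNTS = [
    ("root", "localhost", ""),
    ("webapp", "%", "*CONSTRUCTED_HASH_1"),
    ("report", "localhost", "*CONSTRUCTED_HASH_2"),
    ("", "localhost", ""),
]

# Output in the layout printed by `netstat -nl` on Linux.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
"""

LOOPBACK = {"127.0.0.1", "::1"}

def audit_accounts(rows):
    """Return (account, problem) pairs for items 2, 3 and 10."""
    findings = []
    for user, host, pw_hash in rows:
        account = f"'{user}'@'{host}'"
        if not pw_hash:
            findings.append((account, "no password"))
        if "%" in host:  # matches any remote host
            findings.append((account, "wildcard host"))
    return findings

def exposed_listeners(netstat_text, needed_ports=frozenset({22})):
    """Return (address, port) of non-loopback TCP listeners not in needed_ports (item 7)."""
    exposed = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue  # skip headers, UDP and UNIX socket lines
        address, _, port = fields[3].rpartition(":")
        if address not in LOOPBACK and int(port) not in needed_ports:
            exposed.append((address, int(port)))
    return exposed

if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_ACCOUNTS) + exposed_listeners(SAMPLE_NETSTAT):
        print(finding)
```

On the constructed data, port 3306 is reported because it listens on every interface before the empty root password has been fixed, which is the situation item 3 says to avoid.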