awsmysql

Secure MySQL

Once you have created a new database and user for your application, connect to your MySQL server and follow these recommendations:

  • Remove anonymous users:

      mysql> DELETE FROM mysql.user WHERE User='';
    
  • Remove the test database and access to it:

      mysql> DROP DATABASE test;
      mysql> DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
    
  • Disallow root login remotely:

    IMPORTANT: Please ensure the mysql.user table includes a ‘root’@‘localhost’ entry. Otherwise, you will lose admin access to the database when running the next command

      mysql> DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
    

    Don’t forget to reload the privileges tables to apply the changes:

      mysql> FLUSH PRIVILEGES;
    
  • Change your root user password.

  • It is strongly recommended that you do not have empty passwords for any user accounts when using the server for any production work.

  • If you don’t need remote access, uncomment the line

      #bind-address=127.0.0.1
    

    in the MySQL configuration file to only listen for connections on the local machine. Restart the server once done.

Last modification December 21, 2022