generalphplist

Secure MySQL

Once you have created a new database and user for your application, connect to your MySQL server and follow these recommendations:

  • Remove anonymous users:

    mysql> DELETE FROM mysql.user WHERE User='';

  • Remove the test database and access to it:

    mysql> DROP DATABASE test;
mysql> DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';

  • Disallow root login remotely:

    mysql> DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');

    Don’t forget to reload the privileges tables to apply the changes:

    mysql> FLUSH PRIVILEGES;

  • Change your root user password.

  • It is strongly recommended that you do not have empty passwords for any user accounts when using the server for any production work.

  • If you don’t need remote access, uncomment the line

    #bind-address=127.0.0.1

    in the MySQL configuration file to only listen for connections on the local machine. Restart the server once done.

Last modification April 8, 2020