google-templateswordpress

Secure MySQL

NOTE: We are in the process of modifying the configuration for many Bitnami stacks. On account of these changes, the file paths and commands stated in this guide may change depending on whether your Bitnami stack uses MySQL or MariaDB. To identify which database server is used in your stack, run the command below:

 $ test -d /opt/bitnami/mariadb && echo "MariaDB" || echo "MySQL"

The output of the command indicates which database server (MySQL or MariaDB) is used by the installation, and will allow you to identify which guides to follow in our documentation for common database-related operations.

Once you have created a new database and user for your application, connect to your MySQL server and follow these recommendations:

  • Disallow root login remotely:

    IMPORTANT: Please ensure the mysql.user table includes a ‘root’@‘localhost’ entry. Otherwise, you will lose admin access to the database when running the next command

      mysql> DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
    

    Don’t forget to reload the privileges tables to apply the changes:

      mysql> FLUSH PRIVILEGES;
    
  • Change your root user password.

  • It is strongly recommended that you do not have empty passwords for any user accounts when using the server for any production work.

The configuration adopted by the replica nodes when connecting to the source is set using the “CHANGE MASTER TO” syntax. Replication nodes store the password for the replication in the source info repository. In case you receive the following warning message in the log file of MySQL you can use the “START SLAVE” syntax to specify credentials for connecting to the source node.

IMPORTANT: Storing MySQL user name or password information in the source info repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START SLAVE; see the ‘START SLAVE Syntax’ in the MySQL official documentation for more information.

Last modification December 21, 2022