Security

Securing MySQL Under Linux/Unix

If you have newly installed MySQL on a test system, you are starting out with an immensely insecure default configuration, one that is not password-protected. This default configuration depends on the operating system.

Under Windows, the setting is even more insecure than under Unix and Linux. Please note that the default privileges have changed repeatedly over time.

The user root on the local system (host name localhost or computername) has unlimited rights. Furthermore, all users on the local system are permitted to access MySQL without a password; in contrast to root, these users have no rights whatsoever (they can't even execute a SELECT command). Access from an external computer is by default not allowed.

root Password for Local Access

With the following two commands you can secure root access with a password xxx. (Instead of xxx, you should, of course, provide the password of your choice.)

root# mysqladmin -u root -h computername password xxx
root# mysqladmin -u root -h localhost password xxx

Instead of computername you should give the name of the local computer (which you can determine with the command hostname). As we have mentioned, the name localhost is valid when the local connection is made over a socket file (which is the usual state of affairs). On the other hand, computername applies when the local connection is via TCP/IP (in particular, with Java programs).

No Local Access Without Password: Please note that in accordance with the MySQL default settings, a MySQL connection can be made from the local computer with any user name other than root.

Unlike the root connection, such connections carry no privileges, but they nonetheless represent a security risk. (For example, such users have unrestricted access to test databases.)
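
The default accounts described above can be checked for directly. The following shell sketch is an added example, not part of the original text: it reads Host, User and Password columns dumped from the mysql.user grant table and flags root or anonymous entries that still have no password. The function names, the sample rows and the hash placeholder are constructed; the Password column name is an assumption that holds for servers before MySQL 5.7 (later versions use authentication_string).

```shell
#!/bin/sh
# Added example: audit a dump of the grant table for the insecure defaults
# described above. Input is tab-separated Host, User, Password rows, e.g. from
#   mysql -u root -p -N -B -e "SELECT Host, User, Password FROM mysql.user"
# Assumption: the server's mysql.user table still has a Password column.

# Reads rows on stdin, prints one tab-separated finding per weak account:
#   NOPW       named account (such as root) with an empty password
#   ANON-NOPW  anonymous account (empty user name) with an empty password
#   ANON       anonymous account that does have a password
audit_mysql_users() {
    awk -F '\t' '
        {
            host = $1; user = $2; pw = $3
            if (user == "" && pw == "") {
                printf "ANON-NOPW\t%s\tanonymous login without password\n", host
            } else if (user == "") {
                printf "ANON\t%s\tanonymous account\n", host
            } else if (pw == "") {
                printf "NOPW\t%s@%s\taccount without password\n", user, host
            }
        }
    '
}

# Constructed sample: the root password was set for localhost only, so the
# root entry for computername (TCP/IP connections) is still open, and both
# anonymous entries are still present. The hash is a placeholder.
sample_rows() {
    printf 'localhost\troot\t*CONSTRUCTEDHASH\n'
    printf 'computername\troot\t\n'
    printf 'localhost\t\t\n'
    printf 'computername\t\t\n'
}

sample_rows | audit_mysql_users
```

An empty result means every listed account has a password and no anonymous entries remain.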