Securing MySQL Database


After installing your web server and its accompanying MySQL database, you should run a built-in MySQL script that performs a number of actions to further secure your database. It carries out some simple post-install security checks and tidy-up operations, and is a good way to set your security baseline. Simply go to the command line and type mysql_secure_installation.

At each prompt where you are asked to type Y or N, the default answer is indicated by the letter in capitals. So for ‘Remove anonymous users [Y/n]’, simply hitting the Enter key will select Y by default.

The first thing the script will do is ask you for the root password, so that it can log in and run. It then checks for anonymous users. By default MySQL has an anonymous user account, which can be logged into without a password. It is intended for testing purposes, but we have no need for it here. When prompted, type ‘Y’ and press Enter.

You are then asked if you want to disallow root login remotely, which will prevent MySQL from accepting logins as root from the network, and whether you want to drop a default database named ‘test’, which again is meant for testing purposes. For each of these you should select the default answer of ‘Y’ and hit Enter.

Finally, MySQL will ask if you want to reload the privilege tables, which ensures that the changes made by this script take effect immediately. Again, either type ‘Y’ or press Enter to select the default ‘Y’ response. Once done, you’ve taken the appropriate steps to further secure your MySQL database.
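
To confirm afterwards that the script's changes are in place, the following added example (not part of MySQL or of the original article) checks for leftover anonymous users, root accounts reachable from the network, and the ‘test’ database. The function names and sample rows are constructed for illustration, and the live mode assumes the mysql client can already authenticate, for instance through ~/.my.cnf.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names): audits the three items that
# mysql_secure_installation cleans up.

# Reads "user<TAB>host" rows on stdin and prints one finding per anonymous
# account and per root account that is not restricted to the local machine.
check_accounts() {
  awk -F'\t' '
    $1 == "" { print "anonymous-user host=" $2; next }
    $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
      print "remote-root host=" $2
    }'
}

# Reads one database name per line and reports the default "test" database.
check_databases() {
  awk '$0 == "test" { print "test-database-present" }'
}

# Runs both checks against a live server. Assumes the mysql client can
# authenticate as an administrative user, e.g. through ~/.my.cnf.
audit_live() {
  mysql -N -B -e "SELECT user, host FROM mysql.user" | check_accounts
  mysql -N -B -e "SHOW DATABASES" | check_databases
}

# Constructed sample rows resembling an install before the script is run.
sample_accounts() { printf 'root\tlocalhost\nroot\t%%\n\tlocalhost\n\tdbhost\n'; }
sample_databases() { printf 'information_schema\nmysql\ntest\n'; }

if [ "${1:-}" = "--live" ]; then
  audit_live
else
  sample_accounts | check_accounts
  sample_databases | check_databases
fi
```

Run with --live against your own server; no output means none of the three conditions was found.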