4.2. MySQL

4.2.1. The MySQL System Account

As mentioned in Section 4.1.2, the MySQL daemon should run as a non-privileged, unique user. Be sure to consult the MySQL documentation or the documentation that came with your system for instructions.

4.2.2. The MySQL "root" and "anonymous" Users

By default, MySQL comes with a "root" user with a blank password and an "anonymous" user, also with a blank password. In order to protect your data, the "root" user should be given a password and the anonymous user should be disabled.

Example 4-1. Assigning the MySQL "root" User a Password


bash$ mysql mysql
mysql> UPDATE user SET password = password('new_password') WHERE user = 'root';
mysql> FLUSH PRIVILEGES;
        

Example 4-2. Disabling the MySQL "anonymous" User


bash$ mysql -u root -p mysql           (1)
Enter Password: new_password
mysql> DELETE FROM user WHERE user = '';
mysql> FLUSH PRIVILEGES;
        
(1) This command assumes that you have already completed Example 4-1.

4.2.3. Network Access

If MySQL and your webserver both run on the same machine and you have no other reason to access MySQL remotely, then you should disable network access. This, along with the suggestion in Section 4.1.1, will help protect your system from any remote vulnerabilities in MySQL.

Example 4-3. Disabling Networking in MySQL

Simply enter the following in /etc/my.cnf:

[mysqld]
# Prevent network access to MySQL.
skip-networking
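
To confirm that the setting from Example 4-3 is really in effect in the configuration file, the following added example (not part of the original documentation) checks a my.cnf-style file for an active skip-networking line in the [mysqld] group. The function name mysqld_networking is hypothetical, the sample file is constructed, and treating the values 0, OFF and FALSE as re-enabling networking is an assumption about how the option is written.

```shell
#!/bin/sh
# Added example: report whether a my.cnf-style file disables MySQL networking
# in its [mysqld] group. Prints "disabled" or "enabled".
# mysqld_networking is a hypothetical helper name, not a MySQL tool.

mysqld_networking() {
    awk '
        BEGIN { state = "enabled" }
        /^[ \t]*[#;]/ { next }                    # whole-line comment
        /^[ \t]*\[/ {                             # group header
            in_mysqld = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/)
            next
        }
        in_mysqld {
            line = $0
            sub(/[ \t]*#.*$/, "", line)           # trailing comment
            gsub(/[ \t]/, "", line)               # spaces around "="
            n = split(line, kv, "=")
            key = tolower(kv[1])
            gsub(/_/, "-", key)                   # skip_networking spelling
            if (key != "skip-networking") next
            # Assumption: 0/off/false switch the option back off.
            val = (n > 1) ? tolower(kv[2]) : "on"
            state = (val == "0" || val == "off" || val == "false") ? "enabled" : "disabled"
        }
        END { print state }                       # last setting wins
    ' "$1"
}

# Constructed sample: the setting from Example 4-3 plus a decoy in [client].
sample=$(mktemp)
printf '%s\n' '[client]' 'skip-networking=0' '[mysqld]' \
    '# Prevent network access to MySQL.' 'skip-networking' > "$sample"
mysqld_networking "$sample"    # prints: disabled
rm -f "$sample"
```

On a running server, SHOW VARIABLES LIKE 'skip_networking'; reports the value the daemon actually loaded.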