Comments on: Securing your MySQL installation

By: TigerKR

TigerKR — Mon, 02 Jul 2007 03:11:25 +0000

I was not able to run mysql from the terminal. I would get the error:

~: mysql
ERROR 1045 (28000): Access denied for user ‘username’@'localhost’ (using password: NO)

I was able to workaround this by typing

~: mysql -u root -p

and then when it asks for a password, don’t enter one, just hit the return key

By: Richard5

Richard5 — Tue, 14 Nov 2006 01:24:04 +0000

@James, thanks typo is fixed !

By: James Brown

James Brown — Tue, 14 Nov 2006 00:30:58 +0000

Small typo Richard: in second last sentence of third last paragraph it reads:

Local communication will be still possible throw the mysql.sock socket.

Should be:

Local communication will be still possible through the mysql.sock socket.

By: Michael

Michael — Sat, 11 Nov 2006 19:54:55 +0000

Richard5, absolutely, but it does keep the trivial scripts from hitting it. It protects against script kiddies and not much else. If you choose to keep it open, it doesn’t hurt to change the port.

It’s no substitute for good security, or a firewall rule that restricts access to a limited range of domains.

By: Richard5

Richard5 — Sat, 11 Nov 2006 19:28:22 +0000

@Michael, security by obscurity is never a serious solution. A serious hacker always does a complete portscan and will notice the difference in portnumber.

By: Michael

Michael — Sat, 11 Nov 2006 18:45:26 +0000

Another way to make mysql more secure, if you’re keeping the networking, is to use a port other than 3306. Pick a random number, like 13579 and use that. You won’t get a logfile full of password crack attempts.

By: Paul

Paul — Sat, 19 Aug 2006 20:13:47 +0000

Most (if not all) the above can be done by running the script that comes with MySql:

cd /usr/local/mysql/bin
sudo mysql_secure_installation

Answer the questions that are put to you and thats pretty much it.