Thursday, June 27, 2013

How to secure a vanilla MySQL installation

It may seem complicated, but actually it's extremely easy.

The vanilla installation has no root password, so you can do:
# mysql -u root

However, really securing the installation is more involved than simply setting a root password. To make sure "all the bases are covered" (to use a U.S. idiom), use this command:
# /usr/bin/mysql_secure_installation

This is an easy way to effect basic setup so, for example, root can login only from localhost, etc.

If you're not particularly concerned about security, you can put the root password in /etc/my.cnf -- that way, you won't have to type it manually.

1 comment:

  1. You can also put the root password in ~/.my.cnf - your home directory, where you can/should set file permissions very restrictive (600). The contenct is easy:

    user = root
    password =

    That's it - no need to explore your personal password to the world ;-)