X
X
X
X
Protect your socket-running MySQL database from public
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h quartus.example.net password 'new-password'
You might have seen this note after a MySQL installation and ... have ignored it. It's hard to find such
an advice later. But even if you have set two passwords with these commands above, it was probably not
enough.
It might not fully protect your database in case you're running MySQL against a TCP port which is
accessible from outside.
This could just protect unauthorized access from localhost users.
A full access from outside might work without
the need to enter a password.
To verify your current status, connect with mysql -D mysql and
then enter
SELECT host,user,password FROM user WHERE user='root';
A similar result as the following is very bad:
+----------------+------+------------------+
| host | user | password |
+----------------+------+------------------+
| localhost | root | 57a1d59f2a2a8558 |
| % | root | |
+----------------+------+------------------+
This means you had to enter a password from localhost but from anywhere in the world no password is
required.
In such a case, enter these commands to protect your database:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%';
mysql> UPDATE user SET Password=PASSWORD('yourpass') WHERE User='root' AND Host='%';
mysql> FLUSH PRIVILEGES;
See also:
iC Home > Know-how >
MySQL Database >
User Management > Access Restriction from root
- Reference