- Make sure you set a root password for MySQL.
- Delete anonymous accounts; they allow access to strangers and may keep out legitimate users.
- Be very careful about granting the privileges FILE, PROCESS, and WITH GRANT OPTION.
- Encrypt application-level passwords with MD5() or CRYPT() rather than PASSWORD().
- Don't run mysqld as the Unix root user. Create a low-privilege user specifically to run mysqld.
- Limit access to mysqld to the MySQL low-privilege user.
- Limit access to programs and scripts as necessary to the user. Use the principle of least privilege: give users access only if they really need it!
- Limit access to the data directory to the MySQL user.
- Never trust data directly from the user. Always filter it in your application-level logic.
- Turn on SSL connections if encrypted connections are required.
- Remember to watch the physical security of your MySQL server!
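The account-level items in the list above (root password, anonymous accounts, least-privilege grants, the dangerous FILE / PROCESS / GRANT OPTION privileges, and SSL-only connections) can be carried out and audited with a short SQL session. The following is an added example, not code from the original text; it targets MySQL 5.7 or later syntax, and `appdb`, `app_user`, the host `app.example.internal`, and the `CHANGE-ME-...` passwords are constructed placeholders. The operating-system items (running mysqld as an unprivileged user, ownership of the data directory, physical security) are handled outside SQL and are not shown here.

```sql
-- Added example (not from the original text). Run as an administrative account.
-- Placeholders: appdb, app_user, app.example.internal, CHANGE-ME-* passwords.

-- 1. Set a root password (MySQL 5.7.6 and later syntax).
ALTER USER 'root'@'localhost' IDENTIFIED BY 'CHANGE-ME-root-password';
-- On MySQL 5.6 and earlier the equivalent statement is:
-- SET PASSWORD FOR 'root'@'localhost' = PASSWORD('CHANGE-ME-root-password');

-- 2. Find the anonymous accounts (empty user name) and delete every one of them.
SELECT user, host FROM mysql.user WHERE user = '';
DROP USER IF EXISTS ''@'localhost';
DROP USER IF EXISTS ''@'%';   -- repeat for each host the SELECT above reported

-- 3. Create a low-privilege application account: one database, one source host,
--    TLS required, and only the table-level privileges the application needs.
CREATE USER 'app_user'@'app.example.internal'
  IDENTIFIED BY 'CHANGE-ME-app-password'
  REQUIRE SSL;
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'app_user'@'app.example.internal';
-- Deliberately not granted: FILE, PROCESS, SUPER, or WITH GRANT OPTION.

-- 4. Audit which accounts still hold the dangerous global privileges.
--    Each row returned is an account that deserves a second look.
SELECT user, host, File_priv, Process_priv, Grant_priv, Super_priv
  FROM mysql.user
 WHERE File_priv = 'Y' OR Process_priv = 'Y' OR Grant_priv = 'Y' OR Super_priv = 'Y';

-- 5. Confirm the application account's effective grants match what was intended.
SHOW GRANTS FOR 'app_user'@'app.example.internal';
```

Step 4 is the check worth re-running periodically: the `mysql.user` privilege columns are the authoritative record, so any account that reappears in that result after hardening is a change to investigate rather than an expected state.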