Hosting Tutorial & Guide

Best Tips to Secure MySQL Databases Against Attackers

updated on Aug 13, 2015
Best Tips to Secure MySQL Databases Against Attackers As the most popular open source database engine, MySQL itself is quite secure. But you can still add extra security layers to keep your MySQL databases away from common attacks. If you value your online business, you will never want to run the risk of a database corruption.

In below, we'd like to introduce the best post-installation practices that you can utilize to protect MySQL databases thus increase the security of your website.

Secure the Operating System

The security of the operating system needs to be discussed ahead of a single database, because if the entire environment is unsafe, all things in it are vulnerable and can be easily exposed to attackers. To safeguard the operating system and MySQL server, you can apply the following methods.
  • Host database server and web server separately on different physical machines. If it is possible, run the database server on a separate server so that server issues caused by the vulnerabilities of other applications or services can be prevented.
  • Install antivirus software, firewall, and all recommended patches and updates. A firewall can effectively filter the traffic to the MySQL server. For better security, it is also recommended to perform port lockdown.
  • Disable all unnecessary services. Less is better.
Secure the Operating System

Secure All Accounts and Passwords

One of the most common methods that attackers intrude a MySQL database is by stealing the information of insecure accounts. To reduce the possibility of this risk, you must try the practices below.

Require passwords for all MySQL accounts

Client programs do not always identify the user. Therefore, users can specify any other username to connect to MySQL if the database name is known and the username is not given a password. Forcing password for each username makes it harder to establish connections with anonymous accounts.

Do not use root user to run the MySQL server

During the MySQL installation, an administrative user is created by default which is named as "root". Everyone knows that, so attackers usually try to access it to obtain the permissions. To make the important account safer, you need to rename it and then give it a long and complex password.

You can use the following commands in the MySQL console to complete the tasks.

To rename the "root" user:
mysql> RENAME USER root TO new_username;
To change the password:
mysql> SET PASSWORD FOR 'username'@'%hostname' = PASSWORD('newpassword');

Minimize user accounts

More accounts possess more risks. So you should keep the number of user accounts to the minimum and only create accounts for those who really need it. Also, remember to remove the unused accounts and the anonymous ones. If you have a number of users, have a check periodically.

Strengthen all passwords

Besides the administrator account, you also need to enforce strong passwords for every other user. You can review all the usernames and passwords, and then reset the passwords of the weak accounts when necessary. This sounds a little bit time-consuming, but it is definitely worth the time and energy.

Secure Accounts and Passwords

Limit Database Privileges

Each user should be granted the proper privileges so that the database can run properly while the security is not compromised easily. In terms of the database privileges, we have the following suggestions.

Do not grant FILE/SUPER/PROCESS privileges to non-administrative users

None of the FILE, SUPER and PROCESS privileges should be abused. With the FILE privilege, the user is able to write a file at any place in the file system; the PROCESS privilege allows the user to see all the statements that are executed; and the SUPER privilege enables the user to check server activities at any time, terminate client connections and change server operations. To make your database secure, keep these privileges to administrator accounts only.

Limit or disable SHOW DATABASES privilege

The SHOW DATABASES privilege can be used to gather database information, so attackers usually use it to steal data and prepare for further attacks. You should grant this privilege to the ones who really need it, or disable the use of it completely by adding the following line to the [mysqld] section of /etc/my.cnf, the MySQL configuration file. For Windows operating system, the file name is my.ini.

skip-show-database

Limit the permissions of administrators and all other users

Even if for administrators, do not grant all permissions and privileges to the same account. It is suggested to lower administrator accounts' permissions for accessing data. For the rest users, you'd better review the privileges for all of them to make sure that everything is appropriate.

Limit Database Privileges

Remove the Risky Components

The default configuration of MySQL database comes with some unnecessary components. You can take the following suggestions into consideration.

Disable the use of LOAD DATA LOCAL INFILE command

This command enables the user to read local files and even access other files on the operating system, which may help attackers gather important information and make use of the vulnerabilities in applications to intrude your database. To disable the command, insert the following line to the [mysqld] section of my.cnf.

set-variable=local-infile=0

Delete the test database

There is a default "test" database available which, as the name indicates, is used for testing purpose. Since this database is risky and accessible to anonymous users, you should drop it as soon as possible by using the command below.

mysql> DROP database test;

Remove the history file

MySQL server has a history file which helps you figure out what is wrong when there is a problem during the installation. The file includes sensitive information which brings huge risk if it is obtained by an attacker. For example, the passwords are stored in plain text. Since the file is not useful any more after a successful installation, you can remove the content in it by using the command below.

cat /dev/null > ~/.mysql_history

Remove Risky Components

Restrict the Remote Access to MySQL Server

For most users, the MySQL server does not need to be accessible through the insecure open network. You can limit the hosts by configuring the firewall or hardware or just forcing MySQL to listen to the localhost only. For remote access, SSH tunnels should be required.

If you want to limit users to establish connections only from localhost, add the following line in the configuration file.

bind-address=127.0.0.1

Make Use of Logging

Enable logging allows you to monitor the activities on your server, so that you can analyze the failed login attempts and the access to sensitive files to know whether there are malicious activities launched toward your server and database. Logging can be enabled manually by adding the following command to the MySQL configuration file.

log =/var/log/mylogfile

In terms of logging, there are two suggestions.
  • Enabling logging is only recommended for database servers with limited numbers of queries executed. For heavy production servers, it may cause high overload.
  • Only "root" and "mysql" should be granted the access to the log file "hostname.err" as this file includes much sensitive data like table names and passwords.

Make Use of Logging