Jon Isbell

Securing MySQL February 21, 2012

Did you know that a default installation of MySQL comes with anonymous, test and remote root user accounts? An attacker with knowledge of MySQL can use these accounts as stepping stones for other attacks. Its definitely worth spending a couple of minutes removing these accounts and make your MySQL installation a little more secure.

# Delete anonymous users
DELETE FROM mysql.user WHERE User='';

# Delete remote root users
DELETE FROM mysql.user WHERE User='root' AND Host!='localhost';

# Delete test database

# Delete test users
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';

# Refresh privileges

Categories MySQL Security

Leave a Reply

Your email address will not be published. Required fields are marked *