Jon Isbell

Securing MySQL February 21, 2012

Did you know that a default installation of MySQL comes with anonymous, test and remote root user accounts? An attacker with knowledge of MySQL can use these accounts as stepping stones for other attacks. Its definitely worth spending a couple of minutes removing these accounts and make your MySQL installation a little more secure.

# Delete anonymous users
DELETE FROM mysql.user WHERE User='';

# Delete remote root users
DELETE FROM mysql.user WHERE User='root' AND Host!='localhost';

# Delete test database

# Delete test users
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';

# Refresh privileges
No Comments on Securing MySQL
Categories: MySQL Security