Security for the new MySQL installation

mysql| Security | Security This chapter discusses the responsibilities that MySQL administrators need to perform to keep MySQL running properly. These responsibilities include ensuring that the server runs as efficiently as possible, setting user accounts so that clients can access the server, maintain log files, and perform database backups. To achieve higher performance, administrators can also run multiple servers or modify services
Operation parameters of the device. Finally, because MySQL is in a state of rapid development, administrators must be able to determine what to upgrade MySQL. Other important management issues will be described in chapter 12th, "Security" and chapter 13th, "Database Maintenance and Repair".
Several programs that are useful for MySQL administrators are included in these chapters:
Mysqladmin performs a variety of administrative operations.
Safe_mysqld and Mysql.server are scripts that start the MySQL server mysqld.
Mysqldump is used for database backup and copy operations.
Myisamchk and Isamchk are used for table integrity checking and repair operations.
For additional information about these programs, see Appendix E, "MySQL program reference."

You may be reading this chapter because you have just installed MySQL in accordance with the instructions in Appendix A, "Getting and installing software." If so, you need to set a password for the Mysqlroot user-for a new MySQL installation, the server is running with unsafe permissions. The author assumes that you have initialized the data directory and include the authorization table
MySQL database. In Unix, you can do this by running the mysql_install_db script. In Windows, data directories and MySQL databases are initialized by running the Setup program in the server distribution package. The author also assumes that the server is running.
When MySQL is first installed on the machine, the initial permissions for the MySQL database's authorization table are as follows:
You can connect from the local host with root, without any password. The root user has all the privileges (including administrative privileges), so it's a coincidence that you can do a lot of things (by the way, MySQL Superuser and Unix superuser both have names root. They don't have anything to do with each other.
Anonymous access is granted to the user who is connected from the local host, which has a database named test or any database with the start of ' t e s _ '. Anonymous users can use such a database to do anything, but do not have administrative privileges.
Connections from the local host to the server will be allowed, regardless of whether the connected user specifies the localhost hostname or the actual host name. For example, if the server is on Pit-viper.snake.net, the client on that host can connect to the server without a password, thereby using one of the following statements to use the test database:
% mysql-h localhost test
% mysql-h pit-viper.snake.net Test
The fact that you can even connect to MySQL without a password as root means that the initial installation is unsafe. Therefore, one of the initial actions as a MySQL administrator should be to set the password for the root user. Then, depending on the method used to set the password, you also need to instruct the server to reload the authorized tables so that the server knows about these changes (when the server starts, it loads the tables into memory and changes them without realizing it). If so, you must explicitly tell it to reread the tables.
For versions above MySQL3.22, you can use the Mysqla d i n program to set the password as follows and replace the "your password" in the following command with the password you choose:
% mysqladmin-uroot Password "Your password"
For any version of MySQL, you can use the MySQL program and directly update the user-authorized tables in the MySQL database:
% mysql-uroot mysql mysql>update user SET Password=password ("Your Password")
-> whree user= "root";
If you have an older version of MySQL, you can use MySQL and an UPDATE statement, which also includes the shared software version of Windows.
After setting the password, see if you want to instruct the server to reload the authorized table by running the following command:
% mysqladmin-uroot Status
If the server still allows you to connect as root without using a password, you should tell it to re-read the authorized table (MySQL3.22 version also allows the mysqladmin flush.privileges command and F L U S H Privileges sql Sentence reload table):
% Mysqladmin-uroot Reload
After you set the password for root (and reload the authorized table, if necessary), you need to specify a new password when you connect to the server as root.