MySQL is among the most common database servers majorly used on Linux the operating systems. It is technically very strong. All the modern applications based on Joomla, WordPress, Magneto, or e-commerce, work very well with MySQL. When MySQL is integrated with Cpanel it is even easier to manage the database.

In this article we shall learn how to secure MySQL in the easiest possible way. So here we go.

Overall Security – A General Overview:
  • Security is the most important part to be considered, not just with MySQL server but also with the entire system against all types of compromises or attacks.
  • MySQL is installed automatically during cpanel installation. The base password is set as an arbitrary password. If you are able to connect to the MySQL server without being prompted for a password, anyone can do so as it allows user with full privileges.
  • Tip Time: You should always use strong passwords. You can use the password generator option as illustrated below.
  • Install effective firewall and make sure MySQL is running protected by the firewall.
Strategies for a Strong Password

Strong passwords are the best solution to many problems in common. MySQL saves the password for all the users or their accounts in the MySQL. User table Right of entry to this table should never be permitted to any non-administrative user. Also ensure that there are no users without password in the MySQL. user table as it is highly unsecured.

For cPanel & WHM, you can put password strength policies in place for MySQL database users also. This will automatically allow users to set strong password.
  • Login to WHM.
  • Click on “Security Center”.
  • Click on “Password strength configuration”. Here we recommend making default password strength to 40.
1. System Variables Which Impact Security

If local-infile variable is disabled, clients cannot use LOCAL in LOAD DATA commands. There are possible security problems with LOAD DATA statement. The command should hence be inactivated by adding the set-variable=local-infile=0 to the [MySQLd] section of my.cnf.

skip-name-resolve is a general scope variable which will not resolve hostname while checking connections in the client server. It is optional, but it can help to increase performance by disabling the DNS lookups if you have slow DNS. Just incorporate –skip-name-resolve to the [MySQLd] part of my.cnf.

skip-show-database is again a global room variable which controls the access to enter the SHOW database statement. The SHOW DATABASES command should be deleted completely by inserting skip-show-database to the [MySQLd] part of my.cnf.

2. Securing MySQL Server

cPanel has a script known as “secureMySQL” which is positioned in scripts. This script can assist in securing the cPanel server’s MySQL structure with many commands. Apart from ensuring that the cPanel MySQL base password is set, the script also ensures that the database directory of MySQL /var/lib/MySQL is properly owned by the user MySQL so that it cannot be accessed or understood by unsolicited users.

If you still have any doubt about MySQL configuration, or if you have an administrator unfamiliar with the cPanel MySQL permission schema, it is first suggested to have a back-up of the entire /var/lib/MySQL directory, post which you can run the secure MySQL script to remove the possibility of your system being affected.
Bhawani Singh
First release
Last update
0.00 star(s) 0 ratings

More resources from Bhawani Singh