Secure the database server

The MySQL server has its own security mechanisms: user-based access control that goes down to the table level, with per-operation authorization (you can grant a certain user access to a certain table only, allowing only SELECT operations).

See securing the web server for general MySQL administrator account guidelines. In addition:

  • do not re-use your root account credentials in your scripts! This way, there’s no need to store these on the file system. Instead, create a separate database for the purpose of your website/application, create a user account (with the relevant privileges) for that database only, and store these credentials on the file system (as securely as possible). If your application requires multiple databases, either do the same for each (possibly having a single set of credentials for all of them), or create a user that can create databases, but without the other root privileges.
  • make sure your admin credentials are not the same as those for cPanel or FTP access, nor the same as those you use in your system’s user management interface.
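
The account setup described above, as an added example that is not part of the original article. All names (shop_db, shop_app, shop_report, shop_provisioner, orders) and the placeholder passwords are hypothetical; the last query is an added check for accounts that hold server-wide privileges.

```sql
-- Added example: run once as an administrator, never from application code.
-- Every database, table and account name below is hypothetical.

CREATE DATABASE IF NOT EXISTS shop_db;

-- Application account: one database, data operations only.
-- No DROP, ALTER, FILE, SUPER or GRANT OPTION.
CREATE USER IF NOT EXISTS 'shop_app'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD_1';
GRANT SELECT, INSERT, UPDATE, DELETE
  ON shop_db.* TO 'shop_app'@'localhost';

-- Reporting account: table-level, per-operation grant (SELECT on one table).
-- MySQL requires the table to exist before a table-level GRANT.
CREATE TABLE IF NOT EXISTS shop_db.orders (
  id    INT PRIMARY KEY,
  total DECIMAL(10,2) NOT NULL
);
CREATE USER IF NOT EXISTS 'shop_report'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD_2';
GRANT SELECT ON shop_db.orders TO 'shop_report'@'localhost';

-- Multi-database variant: an account that may create and use databases,
-- but only those whose name starts with "shop_" (the underscore is escaped
-- because _ and % are wildcards in a database-level GRANT).
CREATE USER IF NOT EXISTS 'shop_provisioner'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD_3';
GRANT ALL PRIVILEGES ON `shop\_%`.* TO 'shop_provisioner'@'localhost';

-- Verify what each account can actually do.
SHOW GRANTS FOR 'shop_app'@'localhost';
SHOW GRANTS FOR 'shop_report'@'localhost';
SHOW GRANTS FOR 'shop_provisioner'@'localhost';

-- Audit: list accounts holding global (*.*) privileges.
-- Application accounts should not appear in this result.
SELECT GRANTEE, PRIVILEGE_TYPE
FROM information_schema.USER_PRIVILEGES
WHERE PRIVILEGE_TYPE <> 'USAGE'
ORDER BY GRANTEE, PRIVILEGE_TYPE;
```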