List:General Discussion« Previous MessageNext Message »
From:Grant Date:December 3 2010 9:09pm
Subject:Re: Verifying security
View as plain text  
> To verify that root has a password, do the following:
> 1) service mysql restart --skip-grant-tables
> 2) In MySQL, SELECT CONCAT('''',user,'''@''',host,'''') mysql_user,password from
> mysql.user where user='root';
> This will show every host that root can login as along with the PASSWORD
> function-encrypted of the root password
> 3) service mysql restart
> Make sure you have the user 'root'@'localhost';

I remembered my root mysql password and I was able to log into mysql
with it.  I tested for a "mysql" user with:

SELECT CONCAT('''',user,'''@''',host,'''') mysql_user,password from
mysql.user where user='mysql';

and I got "Empty set (0.00 sec)".  Can I issue a mysql command that
will check for other mysql users?

I just confirmed that I've had port 3306 open until recently.  If
mysql root has a strong password and I don't have any mysql users
besides root, can I consider myself safe?

Are there any other essential steps I should take for a secure mysql

Is it necessary for mysql root to have a password since I'm the only
user on the system and port 3306 is closed?

> With regard to --skip-networking, keep in mind that this blocks TCP/IP DB
> Connections
> This will not block socket-based connections
> i.e., this will block 'root'@'', but not 'root'@'localhost'

So --skip-networking keeps me safe from remote attackers but not from
local ones?

- Grant

> I've got a couple security questions for you guys.
> Is there a way to verify I've set a password for mysql's root?
> I was previously running mysqld without --skip-networking until I
> noticed port: 3306 was referenced in mysqld.err.  The strange thing is
> 'nmap localhost' never found an open 3306 port and I wasn't running a
> firewall on that system.  Does this behavior make sense to anyone?
> - Grant
Verifying securityGrant29 Nov
  • RE: Verifying securityRolando Edwards29 Nov
    • Re: Verifying securityGrant3 Dec
  • Re: Verifying securityMichael Dykman29 Nov
    • Re: Verifying securityGrant3 Dec