Training, Open Source computer languages
PerlPHPPythonMySQLApache / TomcatTclRubyJavaC and C++LinuxCSS 
Search for:
Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
Python, Lua and Tcl - public course schedule [here]
Private courses on your site - see [here]
Please ask about maintenance training for Perl, PHP, Java, C, C++, Ruby, MySQL and Linux / Tomcat systems
making mysql secure

Posted by 4est (4est), 29 August 2003
does anyone know of a good guide on making mysql secure?  i have my site hosted on a ISP (i don't admin the server) so is this in the jurisdiction of the server admin or are there things that i need to do with regards to the configuration of my db?
thanks for the advice, 4est.

Posted by admin (Graham Ellis), 30 August 2003
Most ISPs will administer MySQL so that you have full access to a database who's name is the same as your main login name (or just possibly to databases who's names start with your loging name).  Your login name to MySQL will be the same name again, and it will be password protected; this may be a different password to your main login password, or you may be able to make it so ....

Provided that the MySQL is properly administered to prevent access by Joe Public or Another Accountholder to your database (that is down to the ISP setting it up right) , there should be just a few simple guidlines for you to follow.

a) Have a good MySQL password that can't easily be guessed or discovered through repeated automatic attacks.

b) Don't reveal your MySQL password to anyone, and change it if you can from time to time.

c) You'll probably need to place your MySQL password into web scripts (in your PHP or whatever language you're using).   This will make you nervous, I'm sure, but provided that  the pages are placed in a cgi-bin directory or have an extension so that they're parsed by the server and never get out, it's OK.  

MySQL accepts logins identified by user name, password, and the host from which they're logging in.   It's common for ISPs to only allow local connection (i.e. from web pages and from copies of other clients run by the user logged in by ssh or telnet) which is somewhat of a security help for the un-aware against Joe Public breaking in; even if Joe Public were to get the password, which I hope differs from your main login password, there's little use he can make of it.  If your ISP allows MySQL connections irrespective of originating host, it's fine provided that you protect your password,  and that if you do access in from halfway across the world you trust the plain text transmission involved in such an access;  if your password IS given away with such a setup, you are NOT protected against Joe Public.

Hope that gives you a flavour.  My answer has to be hedged by if-s and but-s because the main setup is done by the ISP, and then you provide the last stage.   Security relates to the combination of both.

This page is a thread posted to the opentalk forum at and archived here for reference. To jump to the archive index please follow this link.

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2018: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01225 708225 • FAX: 01225 793803 • EMAIL: • WEB: • SKYPE: wellho