Navigation: Appendix > Appendix A: Security Tips |
This chapter contains useful tips on how to secure a MySQL installation.
Changing the Service User Account By default the MySQL service runs as the LocalSystem account which might a security problem if your database server is connected to non-trusted network. We recommend changing the service to run under a different user account.
Adjusting Access Rights on the Data File directory We also need to change the access permissions on the directory where the data files are stored, C:\MySQL InnoDB Datafiles\ by default. This directory gives everybody full permissions by default.
This directory should really only be accessible to Administrators and the MySQL user account we just created. Configure the access rights as shown below, giving both MySQL and Administrators FULL ACCESS to the folder.
Changing the default TCP port 3306 It is sometimes a good idea to change the default port MySQL is listening on for remote connections. This can be done by adding the line
port = 9754
to the my.ini file in the [mysqld] section. The my.ini file is usually located in the installation folder of your MySQL installation. You will need to restart the service for this change to become effective. You will also need to make sure that connections from untrusted networks, such as the Internet, are sufficiently protected with a firewall or similar device.
Staying Up To Date You need to apply patches and software updates as soon as they become available to avoid security problems and worm infections. To stay informed subscribe to the low volume MySQL Announcement mailing list.
|