I’m starting a web project and I decided to save some money by hosting my MySQL database in a cheap instance in Digital Ocean. I was a little concerned about security so I did some research and found some ways to make my installation a little safer.
The first thing to do on any new installation is run:
sudo mysql_secure_installation
This script lets you set a root password if you haven't already done so, which is of course something you must do if you want any kind of security. It will also remove the default anonymous accounts, restrict root logins to localhost, and remove the test database.
If MySQL only needs to accept connections on a single interface (for example, only from the same machine), you can restrict the address it listens on in /etc/my.cnf by adding something like this:
bind-address = 127.0.0.1
This can be any IP address assigned to one of the server's interfaces. If you need to accept connections from more than one IP address, you will have to control that at the network level, for instance with a firewall.
MySQL allows clients to load data from their local file system using the LOAD DATA LOCAL INFILE statement. If you are not using this statement, the best thing is to disable access to local files altogether. You can do this by adding a line to the [mysqld] section of your /etc/my.cnf file:
local-infile = 0
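The two my.cnf settings above are easy to forget after a reinstall or a config merge, so here is a small shell script that audits a my.cnf-style file for them. This is an added example, not part of the original post or of MySQL itself: the parsing helper, the audit function and the two sample config files are my own and are constructed for the demo. On a real server you would point audit_mycnf at /etc/my.cnf.

```shell
#!/bin/sh
# Added example (not from the original post): check a my.cnf for the two
# hardening settings discussed above. The sample configs below are constructed
# for the demo; on a real server run: audit_mycnf /etc/my.cnf

# Print the value of a key from the [mysqld] section of a my.cnf-style file.
# Accepts "key = value", "key=value" and bare "key" (which MySQL treats as ON),
# ignores comments and other sections, and lets the last occurrence win.
mycnf_get() {
    file="$1"; key="$2"
    awk -v key="$key" '
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/   { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
        in_mysqld && NF > 0 {
            eq = index($0, "=")
            k = (eq ? substr($0, 1, eq - 1) : $0)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/-/, "_", k)                       # MySQL accepts local-infile and local_infile
            if (k == key) {
                # a bare option name (no "=") means the option is switched ON
                v = (eq ? substr($0, eq + 1) : "ON")
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                val = v; found = 1                  # last occurrence wins, as in MySQL
            }
        }
        END { if (found) print val }' "$file"
}

# Report on bind-address and local-infile; returns 0 when both are hardened.
audit_mycnf() {
    file="$1"; rc=0
    bind=$(mycnf_get "$file" bind_address)
    if [ "$bind" = "127.0.0.1" ]; then
        echo "OK   bind-address is 127.0.0.1 (local connections only)"
    elif [ -z "$bind" ]; then
        echo "WARN bind-address not set: the server listens on every interface"; rc=1
    else
        echo "INFO bind-address is $bind: make sure a firewall limits who can reach it"
    fi
    infile=$(mycnf_get "$file" local_infile)
    if [ "$infile" = "0" ] || [ "$infile" = "OFF" ]; then
        echo "OK   local-infile is disabled"
    else
        echo "WARN local-infile is not explicitly disabled (LOAD DATA LOCAL INFILE allowed)"; rc=1
    fi
    return $rc
}

# Constructed sample configs (not real server files): one weak, one hardened.
WEAK_CNF=$(mktemp); HARD_CNF=$(mktemp)
trap 'rm -f "$WEAK_CNF" "$HARD_CNF"' EXIT
cat > "$WEAK_CNF" <<'EOF'
[client]
port = 3306
[mysqld]
port = 3306
# no bind-address here, so the server listens everywhere
local-infile = 1
EOF
cat > "$HARD_CNF" <<'EOF'
[mysqld]
bind-address = 127.0.0.1
local-infile = 0
EOF

echo "--- weak config"
audit_mycnf "$WEAK_CNF" || echo "     -> weak config fails the audit"
echo "--- hardened config"
audit_mycnf "$HARD_CNF"
```

The parser only looks inside the [mysqld] section, because the same keys under [client] or [mysql] configure the client, not the server; a bind-address other than 127.0.0.1 is reported as informational rather than a failure, since whether it is acceptable depends on the firewall in front of the host.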