About Security :
- Security is the most important part to be considered, not just with MySQL server but also with the entire system against all types of compromises or attacks.
- MySQL is installed automatically during cpanel installation. The base password is set as an arbitrary password. If you are able to connect to the MySQL server without being prompted for a password, anyone can do so as it allows the user with full privileges.
- Tip Time: You should always use strong passwords. You can use the password generator option as illustrated below.
- Install an effective firewall and make sure MySQL is running protected by the firewall.
Strong passwords are the best solution to many problems in common. MySQL saves the password for all the users or their accounts in the MySQL. User table Right of entry to this table should never be permitted to any non-administrative user. Also, ensure that there are no users without password in the MySQL. user table as it is highly unsecured.
For cPanel & WHM, you can put password strength policies in place for MySQL database users also. This will automatically allow users to set a strong password.
- Login to WHM.
- Click on “Security Center”.
- Click on “Password strength configuration”. Here we recommend making default password strength to 40.
If a local-infile variable is disabled, clients cannot use LOCAL in LOAD DATA commands. There are possible security problems with LOAD DATA statement. The command should hence be inactivated by adding the set-variable=local-infile=0 to the [MySQLd] section of my.cnf.
skip-name-resolve is a general scope variable which will not resolve hostname while checking connections on the client server. It is optional, but it can help to increase performance by disabling the DNS lookups if you have slow DNS. Just incorporate –skip-name-resolve to the [MySQLd] part of my.cnf.
skip-show-database is again a global room variable which controls the access to enter the SHOW database statement. The SHOW DATABASES command should be deleted completely by inserting skip-show-database to the [MySQLd] part of my.cnf.
2. Securing MySQL Server
cPanel has a script known as “secureMySQL” which is positioned in scripts. This script can assist in securing the cPanel server’s MySQL structure with many commands. Apart from ensuring that the cPanel MySQL base password is set, the script also ensures that the database directory of MySQL /var/lib/MySQL is properly owned by the user MySQL so that it cannot be accessed or understood by unsolicited users.