> To verify that root has a password, do the following: > > 1) service mysql restart --skip-grant-tables > 2) In MySQL, SELECT CONCAT('''',user,'''@''',host,'''') mysql_user,password > from mysql.user where user='root'; > This will show every host that root can login as along with the PASSWORD > function-encrypted of the root password > 3) service mysql restart > > Make sure you have the user 'root'@'localhost';
I remembered my root mysql password and I was able to log into mysql with it. I tested for a "mysql" user with: SELECT CONCAT('''',user,'''@''',host,'''') mysql_user,password from mysql.user where user='mysql'; and I got "Empty set (0.00 sec)". Can I issue a mysql command that will check for other mysql users? I just confirmed that I've had port 3306 open until recently. If mysql root has a strong password and I don't have any mysql users besides root, can I consider myself safe? Are there any other essential steps I should take for a secure mysql installation? Is it necessary for mysql root to have a password since I'm the only user on the system and port 3306 is closed? > With regard to --skip-networking, keep in mind that this blocks TCP/IP DB > Connections > This will not block socket-based connections > i.e., this will block 'root'@'127.0.0.1', but not 'root'@'localhost' So --skip-networking keeps me safe from remote attackers but not from local ones? - Grant > I've got a couple security questions for you guys. > > Is there a way to verify I've set a password for mysql's root? > > I was previously running mysqld without --skip-networking until I > noticed port: 3306 was referenced in mysqld.err. The strange thing is > 'nmap localhost' never found an open 3306 port and I wasn't running a > firewall on that system. Does this behavior make sense to anyone? > > - Grant -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/mysql?unsub=arch...@jab.org