Saturday, July 24, 2010

MySQL Security

Managing and Using MySQL - 2nd Edition:
- Database administrators manage access to the database engine itself. They provide access to individual databases for specific applications and developers. They also make sure that a poorly designed application cannot be used as a tunnel into the data of another application.
- System administrators manage the security of the OS and hardware on which MySQL runs. Their job is to ensure that only MySQL DBAs have access to the physical files used by MySQL on a given machine.
- Database architects design the access to the applications to which the DBAs have granted access. A DBA, for example, may have given a web site full privileges to its database, but it is up to the database architect to ensure that only valid application users are taking advantage of those privileges.

In a production environment, a user is likely to be an application. The DBA creates a user ID and password to support the application, and database security controls how that application is allowed to interact with MySQL. The application can then pass on its rights to individual users of the application by acting on their behalf to access MySQL.

It is critical to assign a password to the MySQL root user as soon as you install MySQL.

$ mysqladmin -u root password 'password'

Note that the above command only works when the MySQL root password has not been set.

If you have two web sites using the same MySQL installation to store their data, you might create two separate users to represent those applications. You can use these two separate user IDs to protect each application from the other.
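
The two-site separation described above, as an added example that is not from the book or the original post. The database names, account names and passwords are hypothetical placeholders; the audit queries read the standard mysql.db and mysql.user grant tables.

```sql
-- Added example: site_a, site_b, site_a_app, site_b_app and the passwords
-- are hypothetical placeholders, not values from the book.

CREATE DATABASE IF NOT EXISTS site_a;
CREATE DATABASE IF NOT EXISTS site_b;

-- One account per application, limited to connections from the local host.
CREATE USER 'site_a_app'@'localhost' IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD_A';
CREATE USER 'site_b_app'@'localhost' IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD_B';

-- Data privileges only, scoped to the application's own database.
-- No global privileges and no GRANT OPTION, so neither account can
-- read the other site's tables or hand its rights to another account.
GRANT SELECT, INSERT, UPDATE, DELETE ON site_a.* TO 'site_a_app'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON site_b.* TO 'site_b_app'@'localhost';

-- Verify what each account actually holds.
SHOW GRANTS FOR 'site_a_app'@'localhost';
SHOW GRANTS FOR 'site_b_app'@'localhost';

-- Audit: accounts with database-level privileges on more than one database.
-- An application account appearing here can cross between applications.
SELECT User, Host, COUNT(DISTINCT Db) AS databases_granted
FROM mysql.db
GROUP BY User, Host
HAVING COUNT(DISTINCT Db) > 1;

-- Audit: accounts with global data privileges, which apply to every
-- database and bypass the per-database separation above.
SELECT User, Host
FROM mysql.user
WHERE Select_priv = 'Y' OR Insert_priv = 'Y'
   OR Update_priv = 'Y' OR Delete_priv = 'Y';
```

On a server set up this way, both audit queries should list only administrative accounts, never site_a_app or site_b_app.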
