Due to differing needs and requirements this is difficult to answer except on a case by case basis. The MySQL website has a section regarding general security of a MySQL database available here: http://dev.mysql.com/doc/refman/5.0/en/security.html
Additionally some good practices are:
- Verify your root MySQL account password is set
- the test account and database that were created during the initial installation
- Login to mysql as root, from the command prompt “shell> mysql –u root –p mysql” and enter the password when prompted
- mysql> drop database test;
- mysql> use mysql;
- mysql> delete from user where user=’test’;
- mysql> delete from user where user=”;
- mysql> flush privileges;
- Make sure that each account has a password set
- Do not grant global privileges unnecessarily
- Avoid using wildcards in the hostname value associated with accounts
- Periodically review users and databases that are setup in MySQL
- Do not use passwords on the command line. From the command line you can login to MySQL using “shell> mysql –u root –password=somepassword mysql” the problem with this is anyone on the server could view your password with a simple process list command “shell> ps”. The correct usage would be: “shell> mysql –u root –p mysql”, from this MySQL will prompt your for your password and it will not show up in the process list as plain text.
Note: There are many excellent articles available on the web for MySQL security. Go to your search engine of choice and search “securing mysql” and you should have reading for weeks.
Very good post! Thank you for the work done!