Securing MySQL on Mac OSX

Report · Mar 11, 2009

I am in the process of installing MySQL and PHP on my Mac and I have come to a section that is called 'Securing MySQL on Mac OSX'.

Basically it states that MySQL is up and running with a default account of 'root' and it's not password protected and so I need to plug that security gap.

I've always used root as my account when working on PC's but having read this in David's book, I am now concerned; does this mean that I am open to attack from a potential hacker if I don't password protect MySQL?

It mentions that root in MySQL has nothing to do with the root of Mac OSX, but I need to know if MySQL being unprotected in this way has opened a door for hackers.

TIA

Mat

Report · Mar 11, 2009

matthew stuart wrote:
> I am in the process of installing MySQL and PHP on my Mac and I have come to a
> section that is called 'Securing MySQL on Mac OSX'.
>
> Basically it states that MySQL is up and running with a default account of
> 'root' and it's not password protected and so I need to plug that security gap.
>
> I've always used root as my account when working on PC's but having read this
> in David's book, I am now concerned; does this mean that I am open to attack
> from a potential hacker if I don't password protect MySQL?
>
> It mentions that root in MySQL has nothing to do with the root of Mac OSX, but
> I need to know if MySQL being unprotected in this way has opened a door for
> hackers.

Is your computer behind a firewall? Can your computer be seen on the
internet? If not, then its only people inside your network that can see
your computer and access it.

To be safe, just give the mysql root user a nice secure password.

I always create a mysql user for front end connections, with limited
permissions, and then another one for back end connections, with
relevant permissions for its tasks.

Dooza
--
Posting Guidelines
http://www.adobe.com/support/forums/guidelines.html
How To Ask Smart Questions
http://www.catb.org/esr/faqs/smart-questions.html

Report · Mar 11, 2009

matthew stuart wrote:
> It mentions that root in MySQL has nothing to do with the root of Mac OSX, but
> I need to know if MySQL being unprotected in this way has opened a door for
> hackers.

No, just follow the instructions, and you'll have a secure installation
of MySQL.

--
David Powers
Adobe Community Expert, Dreamweaver
http://foundationphp.com

Report · Feb 18, 2010

I'm trying to secure MySql on Snow Leopard (10.6.2) as per the instructions (from page 273 of David's book). I have "amended PATH in the bash shell in OS X 10.4 or later", as directed.

When I then try to set the MySql root password by typing "mysql -u root" in Terminal, I get a "command not found" message.

Any suggestions?… in layman's terms as far as possible, please….

TIA

Hugh

Report · Feb 18, 2010

I have progressed a few steps....

I am now getting the error below when I type "mysql -u root" in Terminal.

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

Any help would be much appreciated.

Hugh

Report · Feb 18, 2010

Try using mysql -u root -p

The -p will make it prompt you for a password.

Ken Ford

Report · Feb 18, 2010

Thanks, Ken, for your help. I figured it out, in fact. The root user on my MySql server already had a password set. Typing the following:

mysqladmin -u root -p password "newpassword"

... did the job for me.