Securing MySQL's Default Installation - Quick And Dirty Too!

I just stumbled upon a script that MySQL includes nowadays called mysql_secure_installation. It runs a series of steps to remove some of the defaults that MySQL installs, like an anonymous user and a test database. When you run the script, it does the following:

  • Prompts you to change your MySQL root password, especially if you haven't set a root password yet.
  • Removes anonymous access to your database server.
  • Restricts root access to localhost only.
  • Drops the 'test' database that's installed automatically.
  • Flushes the privileges so that all changes take effect immediately without having to restart the database server.

Here's the output when running mysql_secure_installation on one of my servers.

In all, it's something that I've been doing manually for a while. And I bet that there are many, many developers out there who, even on production servers, don't even bother to remove these things. Obviously, this isn't the "be-all and end-all" of MySQL security, but it's a big step away from the default installation. Go run this script now! Well, unless you're a security expert who already did this, either manually or with the script. If so, then I salute you.
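To check whether a server still carries the defaults listed above, here is an added example (not part of the original post or of MySQL itself) that audits a dump of the account table and the database list. The input layout is an assumption: tab-separated rows as printed by `mysql -N -B`, with the columns User, Host and password hash, and the sample rows are constructed.

```python
# Added example: flag the defaults that mysql_secure_installation removes.
# Assumed input: tab-separated rows as printed by `mysql -N -B`
# (User<TAB>Host<TAB>password hash), plus one database name per line.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def audit(user_rows, database_rows):
    """Return a list of findings for leftover default-install settings."""
    findings = []
    for line in user_rows.splitlines():
        if not line.strip():
            continue
        # Do not strip the line first: an anonymous account starts with an empty field.
        fields = line.split("\t")
        fields += [""] * (3 - len(fields))
        user, host, auth = (f.strip() for f in fields[:3])
        if auth.upper() == "NULL":
            auth = ""
        if user == "":
            findings.append(f"anonymous account at host '{host}'")
        if user == "root" and host not in LOCAL_HOSTS:
            findings.append(f"root account reachable from remote host '{host}'")
        # Assumption: an empty hash means no password. Servers that log root in
        # through a socket plugin also show an empty hash and need a manual look.
        if user == "root" and auth == "":
            findings.append(f"root account at host '{host}' has no password")
    for name in database_rows.splitlines():
        if name.strip() == "test":
            findings.append("test database present")
    return findings

# Constructed sample data, not taken from a real server.
SAMPLE_USERS = (
    "root\tlocalhost\t\n"
    "root\t%\t*CONSTRUCTED_HASH\n"
    "\tlocalhost\t\n"
    "app\t10.0.0.5\t*CONSTRUCTED_HASH\n"
)
SAMPLE_DATABASES = "information_schema\nmysql\ntest\nshop\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_USERS, SAMPLE_DATABASES):
        print("FINDING:", finding)
```

An empty result means none of these defaults are left; the name of the hash column in the account table differs between MySQL versions, so adjust the query that produces the input accordingly.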

Written by

Dennis Martinez