Chapter 24. Security

24.0 Introduction

This chapter covers the following security-related topics:

  • The mysql.user table that contains MySQL account information

  • Statements for managing MySQL user accounts

  • Password-strength checking and policy

  • Password expiration

  • Finding and removing anonymous accounts and accounts that permit connections from many hosts

If you like, you can skip over the initial section that describes the mysql.user table, but we think you’ll find that reading it will help you better understand later sections, which often discuss how SQL operations map onto underlying changes in that table.

Scripts shown in this chapter are located in the routines directory of the recipes distribution.

Note

Whether you use the MySQL 5.7 or 8.0 release series, it’s best to use a recent version within the series. Changes to the authentication system occurred in early development versions, and those versions may produce results that differ from the descriptions here.

Tip

Many of the techniques shown here require administrative access, such as the ability to modify tables in the mysql system database or use statements that require the privileges that allow you to administer the MySQL server. For this reason, to carry out the operations described here, connect to the server as root rather than as cbuser.

24.1 Understanding the mysql.user Table

MySQL stores user account information in tables in the mysql system database. The user table is the most important because it contains account names and credentials. To ...
