13.1. General Security Guidelines
- Do not ever give anyone (except MySQL root accounts) access to the user table in the mysql database! This is critical.
- Learn the MySQL access privilege system. The GRANT and REVOKE statements are used for controlling access to MySQL. Do not grant more privileges than necessary. Never grant privileges to all hosts.
- Do not store any plaintext passwords in your database. Instead, use MD5(), SHA1(), or some other one-way hashing function and store the hash value.
- Invest in a firewall. This protects you from at least 50% of all types of exploits in any software. Put MySQL behind the firewall or in a demilitarized zone.
- Review which privileges MySQL provides.