Security in MySQL :: 2 General Security Issues :: 2.2 Keeping Passwords Secure :: 2.2.2 Administrator Guidelines for Password Security

« 2.2.1 End-User Guidelines for Password Security

Section Navigation [Toggle]

2.2 Keeping Passwords Secure
2.2.1 End-User Guidelines for Password Security
2.2.2 Administrator Guidelines for Password Security
2.2.3 Passwords and Logging
2.2.4 Password Hashing in MySQL
2.2.5 Implications of Password Hashing Changes in MySQL 4.1 for Application Programs

2.2.2. Administrator Guidelines for Password Security

Database administrators should use the following guidelines to keep passwords secure.

MySQL stores passwords for user accounts in the mysql.user table. Access to this table should never be granted to any nonadministrative accounts.

A user who has access to modify the plugin directory (the value of the plugin_dir system variable) or the my.cnf file that specifies the location of the plugin directory can replace plugins and modify the capabilities provided by plugins.

Files such as log files to which passwords might be written should be protected. See Section 2.2.3, “Passwords and Logging”.

Previous / Next / Up / Table of Contents

User Comments

Add your own comment.

Top / Previous / Next / Up / Table of Contents