Database administrators should use the following guidelines to keep passwords secure.
MySQL stores passwords for user accounts in the
mysql.user table. Access to this table should
never be granted to any nonadministrative accounts.
A user who has access to modify the plugin directory (the value
variable) or the
my.cnf file that specifies
the location of the plugin directory can replace plugins and
modify the capabilities provided by plugins.
Files such as log files to which passwords might be written should be protected. See Section 2.2.3, “Passwords and Logging”.