As mentioned in Section 4.1.2, the MySQL daemon should run as a non-privileged, unique user. Be sure to consult the MySQL documentation or the documentation that came with your system for instructions.
By default, MySQL comes with a "root" user with a blank password and an "anonymous" user, also with a blank password. In order to protect your data, the "root" user should be given a password and the anonymous user should be disabled.
Example 4-1. Assigning the MySQL "root" User a Password
bash$ mysql mysql
mysql> UPDATE user SET password = password('new_password') WHERE user = 'root';
mysql> FLUSH PRIVILEGES;
Example 4-2. Disabling the MySQL "anonymous" User
bash$ mysql -u root -p mysql
Enter Password: new_password
mysql> DELETE FROM user WHERE user = '';
mysql> FLUSH PRIVILEGES;
If MySQL and your webserver both run on the same machine and you have no other reason to access MySQL remotely, then you should disable network access. This, along with the suggestion in Section 4.1.1, will help protect your system from any remote vulnerabilities in MySQL.
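The following added example (not part of the original guide) audits a MySQL option file for two of the recommendations above: a dedicated non-root service user and disabled network access. The function name audit_mycnf and the sample config are constructed for illustration; the option names user, skip-networking and bind-address are standard mysqld options rather than text from this page, and treating a loopback-only bind-address as acceptable goes slightly beyond what the text asks for.

```shell
#!/bin/sh
# audit_mycnf FILE: print one FAIL line per finding in the [mysqld] section.
# Returns 0 when both checks pass, 1 otherwise.
audit_mycnf() {
    awk '
        # Track which [section] we are in; only [mysqld] matters here.
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        # Skip other sections, comments and blank lines.
        !insec || /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        {
            line = $0
            gsub(/[ \t]/, "", line)
            n = index(line, "=")
            key = (n ? substr(line, 1, n - 1) : line)
            val = (n ? substr(line, n + 1) : "")
            gsub(/_/, "-", key)      # option files accept - and _ in names
            if (key == "user") user = val
            if (key == "bind-address") bind = val
            if (key == "skip-networking" && val != "0" && toupper(val) != "OFF")
                nonet = 1
        }
        END {
            bad = 0
            if (user == "" || user == "root") {
                print "FAIL: no dedicated non-root user= set for mysqld"
                bad = 1
            }
            if (!nonet && bind != "127.0.0.1" && bind != "::1" && bind != "localhost") {
                print "FAIL: network access enabled (no skip-networking, no loopback bind-address)"
                bad = 1
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample config: service user is set, but networking is still on.
sample=$(mktemp)
printf '[mysqld]\nuser = mysql\nport = 3306\n' > "$sample"
audit_mycnf "$sample" || echo "hardening incomplete: $sample"
rm -f "$sample"
```

Run it against the option file your installation actually reads; the location varies by system.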