How To Secure Your Database (MySQL)

Tuesday, August 23, 2011

Your data is essential to your Web database application. You have spent valuable time developing your database, and it contains important information entered by you or by your users. In this post, I will show you how to protect your data from hackers.

Each account is either allowed or not allowed to perform an operation in your database, such as SELECT, DELETE, INSERT, CREATE, or DROP. You can set up an account with all privileges, no privileges, or anything in between.

Step 1. Hardening your password

For extra security, MySQL encrypts passwords before it stores them. This security ensures that no one can look at the stored passwords and see what they are. Besides, you should choose a password that is as difficult to crack as possible.

For instance: A41!14a! (include one or more of each of the following – uppercase letter, lowercase letter, number, and punctuation mark)

Step 2. Adding Accounts

One way to create accounts is to send SQL queries, such as INSERT or UPDATE, directly to the mysql database that stores account information. However, efforts to interact with mysql database generally produce error messages. On phpMyAdmin, just click on the “Add a new user” in Privileges tab.

Step 3. Removing Accounts

When you look at the list of usernames on the Privileges tab, you see a box “Remove selected user”. To remove any account, check on account that want to delete and click “Go”.

Step 4. Backing Up Your Data

First, you export the database from your Web host. The export procedure saves a text file (or SQL, CSV, JSON...) on your local computer that contains all the SQL queries needed to re-create your database. Then you use the import feature of phpMyAdmin on your local computer to restore your database.