1. 更改默认端口(默认3306)
可以从一定程度上防止端口扫描工具的扫描
2. 删除掉test数据库
drop database test;
3. 密码改的复杂些
# 1 set password for root@localhost=password('test'); # 2 use mysql; update user set password=password('test') where user='root'; flush privileges;
4. 删除默认的用户
use mysql; delete from db; delete from user where not(host="localhost" and user="root"); flush privileges;
5. 改变默认mysql管理员的名称
use mysql; update user set user="admin" where user="root"; flush privileges;
6. 禁止远程连接mysql
a. 设置帐号不允许从远程登陆,只能在localhost
use mysql; update user set host = '%' where user = 'admin'; select host, user from user;
b. 授权某个特定的用户可以从远程登录mysql
(1) 设定任务主机,都可以根据某个用户名|密码,登录mysql服务的所有数据库
grant all privileges on *.* to 'myuser'@'%' identified by 'mypassword' with grant option; flush privileges;
(2) 设定特定IP的主机,根据某个用户名|密码,登录mysql服务的所有数据库
grant all privileges on *.* to 'myuser'@'192.168.1.3' identified by 'mypassword' with grant option; flush privileges;
(3) 设定特定IP的主机,根据用某个户名|密码,登录指定的数据库(dk--数据库名)
grant all privileges on dk.* to 'myuser'@'192.168.1.3' identified by 'mypassword' with grant option; flush privileges;