MySQL is a free and effective database server behind a large share of the sites on the net. What follows is a short guide to securing it and protecting the integrity of your data.
- Restrict remote access
Think about where and how the system will be used and allow logins only from specific IP addresses, unless of course it has to be reached directly by the public.
In that case I would recommend keeping the front end and the back end on separate servers, with the database server accepting connections only from the front-end server.
- Change root username and password
This is pretty much self-explanatory. Hackers frequently go after the root account for the privileges it holds. To make their job harder, rename “root” to something else and give it a long, complex alphanumeric password.
- Remove the “test” database
MySQL ships with a “test” database intended as a scratch space. It is accessible to the anonymous user and is therefore exploited in numerous attacks.
- Remove anonymous and obsolete accounts
For the same reasons as described above.
- Lower system and database privileges
Privileges should be as low as possible while still allowing the system to operate as it should, and allowing the developer to make any changes required without issues.
- Enable Logging
Keep a log of everything that happens on your system. This makes monitoring and tracking malicious users easier.
- Keep your systems up to date at all times
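The steps above, worked through as an added example that is not part of the original post: MySQL statements (5.7 or later syntax, for example DROP USER IF EXISTS) that implement each point. The account names dbadmin, app_user and app_deploy, the database app_db, the front-end address 10.0.0.5 and the log path are placeholder values chosen for this example; substitute your own.

```sql
-- Added example, not part of the original post. MySQL 5.7+/8.0 statements
-- covering the hardening steps above. dbadmin, app_user, app_deploy, app_db,
-- the front-end address 10.0.0.5 and the log path are placeholder values.

-- Change root username and password: rename the account and set a long
-- password. Keep this session open and confirm the renamed account can log
-- in from a second terminal before continuing.
RENAME USER 'root'@'localhost' TO 'dbadmin'@'localhost';
ALTER USER 'dbadmin'@'localhost' IDENTIFIED BY 'replace-with-a-long-random-passphrase';

-- Restrict remote access: any other root entries, which would allow remote
-- administrative logins, are removed.
DROP USER IF EXISTS 'root'@'%', 'root'@'127.0.0.1', 'root'@'::1';

-- Remove the test database, plus the grant-table rows that gave every account
-- access to it (the 'test\_%' literal matches the row exactly as it is stored).
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db = 'test' OR Db = 'test\_%';

-- Remove anonymous accounts (empty user name). Then list what remains and drop
-- any account you cannot attribute; leave the mysql.* system accounts alone.
DROP USER IF EXISTS ''@'localhost', ''@'%';
SELECT User, Host FROM mysql.user ORDER BY User, Host;

-- Lower privileges: the web application gets its own account, usable only
-- from the front-end server, holding only the data-manipulation rights it
-- needs (no GRANT OPTION, no FILE, SUPER or PROCESS).
CREATE USER 'app_user'@'10.0.0.5' IDENTIFIED BY 'replace-with-another-random-secret';
GRANT SELECT, INSERT, UPDATE, DELETE ON app_db.* TO 'app_user'@'10.0.0.5';

-- Schema changes go through a separate deployment account, so the runtime
-- account never carries DDL rights.
CREATE USER 'app_deploy'@'10.0.0.5' IDENTIFIED BY 'replace-with-a-deploy-secret';
GRANT CREATE, ALTER, DROP, INDEX, REFERENCES ON app_db.* TO 'app_deploy'@'10.0.0.5';

-- Enable logging: switch the general query log on now. The directory must be
-- writable by the mysqld process.
SET GLOBAL general_log_file = '/var/log/mysql/general.log';
SET GLOBAL general_log = 'ON';

FLUSH PRIVILEGES;

-- Verification: each application account should show exactly the grants
-- above and nothing more.
SHOW GRANTS FOR 'app_user'@'10.0.0.5';
SHOW GRANTS FOR 'app_deploy'@'10.0.0.5';
```

Run these from the server console as the administrative account. The per-host account restrictions pair with the `bind-address` option in my.cnf, which limits the interfaces the server listens on; the `general_log` and `general_log_file` settings also belong in my.cnf, because values set with SET GLOBAL are lost on restart. The general log records every statement and grows quickly, so rotate it or reserve it for investigation periods on busy servers.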
In my opinion, though, the most important points are that you should always remove the default MySQL logins and the test database and, most importantly, tighten your permissions. You should always grant permissions to the account Apache uses and never to root. If your MySQL database is controlled by root, a hacker who brute-forces his way into your server and gains root can tamper with your database with no effort. A firewall can always be bypassed by an experienced hacker, but it should still be installed and properly configured on every server.