Database administrators should use the following guidelines to keep passwords secure.
MySQL stores passwords for user accounts in the mysql.user table. Access to this table should never be granted to any nonadministrative accounts.

Passwords can appear as plain text in SQL statements such as CREATE USER, GRANT, and SET PASSWORD. If these statements are logged by the MySQL server, the passwords become available to anyone with access to the logs. This applies to the general query log, the slow query log, and the binary log (see MySQL Server Logs). To guard against unwarranted exposure of log files, they should be located in a directory that restricts access to only the server and the database administrator.

Replication slaves store the password for the replication master in the master.info file. Access to this file should be restricted to the database administrator.
Database backups that include tables or log files containing passwords should be protected using a restricted access mode.
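The file-permission checks above (log files, master.info, backups) can be audited with a short script. This is an added example, not part of the MySQL manual; the paths in the usage comment are assumptions for a typical Linux installation.

```shell
#!/bin/sh
# Audit that MySQL log files, master.info and backup files grant no access
# to group or others, as the guidelines above require.
# Added example; not from the MySQL manual.

# Print the octal permission bits of a file (GNU stat, with BSD stat fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the file has no group/other permission bits, 1 otherwise.
check_restricted_mode() {
    f=$1
    [ -e "$f" ] || { printf 'missing: %s\n' "$f" >&2; return 1; }
    mode=$(file_mode "$f") || return 1
    # Zero-pad to four digits so a mode such as "0" or "600" is handled
    # uniformly; the last two digits are the group and other bits.
    mode=$(printf '%04d' "$mode")
    last2=$(printf '%s' "$mode" | tail -c 2)
    if [ "$last2" = "00" ]; then
        return 0
    fi
    printf 'WARNING: %s is mode %s (group/other access)\n' "$f" "$mode" >&2
    return 1
}

# Check every path given as an argument; return the number of offending files.
audit_paths() {
    bad=0
    for p in "$@"; do
        check_restricted_mode "$p" || bad=$((bad + 1))
    done
    return "$bad"
}

# Usage (paths are assumptions; adjust to your server's configuration):
#   audit_paths /var/log/mysql/*.log /var/lib/mysql/master.info /backups/*.sql
```

A non-zero exit status from audit_paths is the count of files that still expose log or password data beyond their owner.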