CHAPTER 25
Beginner
MySQL Security Best Practices
Updated: May 16, 2026
6 min read
# CHAPTER 25
MySQL Security Best Practices
1. Introduction
If a hacker gains access to your web server files, they can deface your homepage. If a hacker gains access to your database, they can steal millions of passwords, wipe out your financial records, or hold the entire company hostage for ransomware. The database is the vault, and it must be mathematically impenetrable. In this chapter, we will strip away dangerous defaults, implement strict User Permissions, and learn how to defend against the most famous database attack in history: SQL Injection.2. Learning Objectives
By the end of this chapter, you will be able to:- Explain the Principle of Least Privilege (PoLP).
- Create unique MySQL User accounts.
-
Grant and Revoke specific table permissions using
GRANT.
- Securely store passwords using Hashing (Bcrypt).
- Understand and prevent SQL Injection attacks.
3. The Danger of "Root"
When you install XAMPP, you connect to MySQL using theroot user. The root user is God. It has the power to drop tables, delete databases, and shut down the server.
CRITICAL RULE: A live web application (like your PHP code) should NEVER connect to the database using the root user. If a hacker finds a vulnerability in your PHP code, they instantly inherit God-level database permissions.
4. Creating Users and The Principle of Least Privilege
The Principle of Least Privilege (PoLP) states that a user/application should only be given the absolute minimum permissions necessary to do its job. If your PHP application only needs to read theusers table and insert into the orders table, it should NOT have permission to DROP a table.
sql
*If a hacker compromises the PHP app, they are trapped. If they try to execute DROP TABLE users;, MySQL will immediately reject it due to insufficient permissions!*
5. Password Security (Hashing vs. Plain Text)
If you build ausers table, you will have a password column.
NEVER store passwords as plain text. If the database is ever breached, the hacker instantly gets every user's raw password.
Instead, the backend application (PHP/Python) must Hash the password before sending it to MySQL. Hashing (using algorithms like Bcrypt or Argon2) scrambles the password into a mathematically irreversible string (e.g., $2y$10$abcdefg...). The database stores the scramble. Even if the database is stolen, the passwords remain completely unreadable.
6. The Ultimate Threat: SQL Injection (SQLi)
SQL Injection occurs when a hacker types malicious SQL code into a standard website form (like a Login box), and the backend poorly constructs the query, tricking MySQL into executing the malicious code.Imagine a vulnerable PHP script that blindly inserts user input into a query:
$query = "SELECT * FROM users WHERE email = '" . $_POST['email'] . "'";
A hacker types the following into the Email input box:
' OR 1=1; --
The PHP script blindly pastes it, and the final query sent to MySQL becomes:
SELECT * FROM users WHERE email = '' OR 1=1; --'
Because 1=1 is mathematically True, MySQL ignores the email check entirely, bypasses the login screen, and logs the hacker in as the first user in the database (usually the Admin)!
7. Preventing SQL Injection (Prepared Statements)
To defeat SQL Injection, we absolutely MUST separate the SQL logic from the user's input. We do this using Prepared Statements in the backend language (PHP/Node/Python).The backend sends the *structure* of the query to MySQL first, using placeholders ?.
SELECT * FROM users WHERE email = ?;
Then, in a completely separate network packet, it sends the user's input. Because MySQL already compiled the structure, it treats the user's malicious input purely as text, not as executable code. The attack fails effortlessly. (We write this exact code in Chapter 26!).
8. Common Mistakes
-
Exposing Port 3306 to the Internet: MySQL runs on Port 3306. In production, this port should be blocked by a Firewall so only the local web server (
localhost) can talk to it. If Port 3306 is open to the public internet, hackers will run automated scripts to brute-force yourrootpassword 24/7.
9. Best Practices
-
Rename the Root User: Automated hacking bots specifically look for a user named
root. Renaming the master admin account to something random (admin_sys_99) instantly defeats thousands of automated attacks.
10. Exercises
-
1.
Write the SQL command to
REVOKEtheUPDATEpermission from a user named 'intern_user'@'localhost' on thecompany_db.
-
2.
Explain why storing a user's password as 'my_secret_123' in a
VARCHARcolumn is a catastrophic security failure.
11. MCQ Quiz with Answers
Question 1
What is the fundamental mechanism of a SQL Injection (SQLi) attack?
Question 2
How do Prepared Statements actively prevent SQL Injection attacks?
12. Interview Questions
- Q: Explain the "Principle of Least Privilege" (PoLP) and how you would architect MySQL user accounts for a standard web application to adhere to it.
-
Q: Demonstrate how a classic
' OR 1=1; --SQL Injection attack mathematically manipulates aWHEREclause to bypass a login screen.
13. FAQs
Q: Can I usemd5() to hash my passwords before storing them in MySQL?
A: Absolutely NOT. MD5 is completely broken and obsolete. Modern hackers can reverse an MD5 hash in milliseconds. You must use Bcrypt or Argon2 via your backend programming language.
14. Summary
Security is not an add-on; it is the foundation of database architecture. By restricting database access through meticulousGRANT permissions, securely hashing sensitive data, and acknowledging the catastrophic threat of SQL Injection, you fortify your database against the inevitable realities of the open internet.