Safety concerns on allowing connections to MySQL with no password on localhost?

Posted by ÉricO on Server Fault See other posts from Server Fault or by ÉricO
Published on 2011-03-01T02:15:10Z Indexed on 2011/03/01 7:26 UTC
Read the original article Hit count: 225

Filed under:
|
|

In the case of a Linux system, is there any security concern to let MySQL users with standard privileges (that is, not the root users) connect to the database with no password from localhost?

I think that enforcing a password even for localhost can add a layer of protection, since, with no password the database access would be compromised if the SSH access is itself compromised. Considering that, would it be less safe to allow no password connection to MySQL than having the same password for SSH and for MySQL?

I don't know if that is to be taken into account, but we also use phpMyAdmin to let users administrate their own database.

I am asking because I kinda dislike having to put our database passwords unencrypted in the source or configuration files of our applications, where they can easily be leaked unintentionally. Since our servers are configured to run our applications as the Linux user the application belongs to, I was considering allowing no password from localhost as a simple solution.

So, would that be a very bad idea or not?

© Server Fault or respective owner

Related posts about mysql

Related posts about security