How to secure mysql database

[pesklas12]

Please correct me if i'm wrong. I came accross that mysql databases not really secure.

I just new in the company. My company have multiple servers using linux OS with mysql databases located at many branches and for some reasons I believed that mysql databases are accessible without permission by some people in the branches.

For your information, the branches and its staffs not belong to our company. They are just running our systems. They have no right to access our servers although the servers located at their places.

I am so confident that they use some brute force or any related software to get mysql username and password

Any ideas.....

[Doskono]

Well at this point it's hard to say what is secure and what isn't. If you ask me, nothing is secure! There are always ways of manipulating things which is not yours. Some things are harder than others but the answer remains.

I woudn't be worried of any brute force attacks as any brute force attacks would require multiple months before finding the username and the password combination. You may want to change your password to not a dictionary word and a combination of both letters and numbers. The lazy way of doing a brute force attack is known as a dictionary attack, this would take words of the dictionary and enter them until it matches to the password, if you're password is not a one word password then you should be fine from brute force attacks.

I will tell you this, MYSQL is the largest opensource database software in my opinion and by far the best and user friendly. The reason forums like vB, phpbb3 use mysql amongst others is because it is secure enough for any business or website out there.

also to for security reasons you should always encrypt passwords before inserting it into the database.

So your answer is yes, mysql is secure. I woudn't worry about it too much.

[pesklas12]

Dokono, thanks for the long explanation. At least i get some ideas what are the next steps.