MYSQL_SECURE_INSTALLATION(1) | MySQL Database System | MYSQL_SECURE_INSTALLATION(1) |
NAME¶
mysql_secure_installation - improve MySQL installation security
SYNOPSIS¶
mysql_secure_installation
DESCRIPTION¶
This program enables you to improve the security of your MySQL installation in the following ways:
mysql_secure_installation helps you implement security recommendations similar to those described at Section 2.10.4, “Securing the Initial MySQL Account”.
Normal usage is to connect to the local MySQL server; invoke mysql_secure_installation without arguments:
mysql_secure_installation
When executed, mysql_secure_installation prompts you to determine which actions to perform.
The validate_password component can be used for password strength checking. If the plugin is not installed, mysql_secure_installation prompts the user whether to install it. Any passwords entered later are checked using the plugin if it is enabled.
Most of the usual MySQL client options such as --host and --port can be used on the command line and in option files. For example, to connect to the local server over IPv6 using port 3307, use this command:
mysql_secure_installation --host=::1 --port=3307
mysql_secure_installation supports the following options, which can be specified on the command line or in the [mysql_secure_installation] and [client] groups of an option file. For information about option files used by MySQL programs, see Section 4.2.2.2, “Using Option Files”.
For additional information about this and other option-file options, see Section 4.2.2.3, “Command-Line Options that Affect Option-File Handling”.
For additional information about this and other option-file options, see Section 4.2.2.3, “Command-Line Options that Affect Option-File Handling”.
For additional information about this and other option-file options, see Section 4.2.2.3, “Command-Line Options that Affect Option-File Handling”.
The exception is that the .mylogin.cnf file is read in all cases, if it exists. This permits passwords to be specified in a safer way than on the command line even when --no-defaults is used. To create .mylogin.cnf, use the mysql_config_editor utility. See mysql_config_editor(1).
For additional information about this and other option-file options, see Section 4.2.2.3, “Command-Line Options that Affect Option-File Handling”.
For additional information about this and other option-file options, see Section 4.2.2.3, “Command-Line Options that Affect Option-File Handling”.
On Windows, this option applies only if the server was started with the named_pipe system variable enabled to support named-pipe connections. In addition, the connection must be a member of the Windows group specified by the named_pipe_full_access_group system variable.
These --ssl-fips-mode values are permitted:
Note
If the OpenSSL FIPS Object Module is not available, the only permitted value for --ssl-fips-mode is OFF. In this case, setting --ssl-fips-mode to ON or STRICT causes the client to produce a warning at startup and to operate in non-FIPS mode.
This option was added in MySQL 8.0.16.
COPYRIGHT¶
Copyright © 1997, 2022, Oracle and/or its affiliates.
This documentation is free software; you can redistribute it and/or modify it only under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License.
This documentation is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with the program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or see http://www.gnu.org/licenses/.
SEE ALSO¶
For more information, please refer to the MySQL Reference Manual, which may already be installed locally and which is also available online at http://dev.mysql.com/doc/.
AUTHOR¶
Oracle Corporation (http://dev.mysql.com/).
11/26/2022 | MySQL 8.0 |