PmaControl logo PmaControl
Resources MySQL optimization center MySQL Security Checks

MySQL Security Checks

Structured Markdown documentation to diagnose, measure, and optimize MySQL.

This page is original PmaControl documentation. It keeps a practical index structure for MySQL optimization work, without copying third-party content or depending on an external product.

Objective

MySQL security checks reduce attack surface: overpowered accounts, unencrypted connections, weak passwords, unnecessary global privileges, and network exposure.

Priority Checks

  1. Anonymous accounts or accounts without a password.
  2. Users with unjustified SUPER, FILE, PROCESS, GRANT OPTION, or global privileges.
  3. % access where a precise host is enough.
  4. TLS not enforced for sensitive flows.
  5. local_infile enabled without need.
  6. Binary logs and backups readable by overly broad system accounts.

Basic SQL

SELECT user, host, account_locked, password_expired
FROM mysql.user
ORDER BY user, host;

SHOW GRANTS FOR 'app_user'@'%';

Key Point

The rule is simple: every privilege needs an owner, a justification, and a lifetime.