We can use the following best practices to make MySQL secure against attackers:
- Password: Each MySQL account should have a password. The password should also be strong enough that an attacker cannot crack it.
- Unix account: Only the Unix user account with read or write privileges on the database directories should run the mysqld process.
- Root: MySQL should not be run as the Unix root user, because any user with the FILE privilege in MySQL would then be able to create files as root.
- FILE privilege: We should not give the FILE privilege to non-administrative users in MySQL.
- PROCESS/SUPER privilege: It is also not advisable to give the PROCESS or SUPER privilege to non-administrative users.
- SYMLINK: We should not allow symlinks to tables in MySQL.
- Connections: We should limit the number of connections allowed to an account in MySQL.
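
Most of these items can be checked from an administrative session. The SQL below is an added example, not part of the original list; it assumes MySQL 5.7 or later (where `mysql.user` has the `authentication_string` column), and the account `'app_user'@'%'` and the limit of 20 are hypothetical.

```sql
-- Audit queries for the checklist above. Run as an administrative user.
-- Assumption: MySQL 5.7+; 'app_user'@'%' is a hypothetical application account.

-- Password: accounts with no password set. Accounts that authenticate through
-- a socket or external plugin can legitimately show an empty string, so the
-- plugin column is included for review.
SELECT user, host, plugin
FROM mysql.user
WHERE authentication_string = '' OR authentication_string IS NULL;

-- FILE / PROCESS / SUPER: every account holding one of these global
-- privileges. Any non-administrative account listed here should lose them.
SELECT user, host, File_priv, Process_priv, Super_priv
FROM mysql.user
WHERE File_priv = 'Y' OR Process_priv = 'Y' OR Super_priv = 'Y';

-- Connections: accounts without a per-account limit. A value of 0 means the
-- account falls back to the global max_user_connections setting, and a global
-- value of 0 means unlimited.
SELECT user, host, max_user_connections
FROM mysql.user
WHERE max_user_connections = 0;
SHOW VARIABLES LIKE 'max_user_connections';

-- SYMLINK: on servers that expose this variable, DISABLED means symlinked
-- tables are not allowed (the server was started with --skip-symbolic-links).
SHOW VARIABLES LIKE 'have_symlink';

-- Remediation for the hypothetical account: remove the risky global
-- privileges and cap its simultaneous connections (20 is an example value).
REVOKE FILE, PROCESS, SUPER ON *.* FROM 'app_user'@'%';
ALTER USER 'app_user'@'%' WITH MAX_USER_CONNECTIONS 20;

-- Confirm the result.
SHOW GRANTS FOR 'app_user'@'%';
```

The Unix account and root items are not visible from SQL; check them on the host by looking at which operating system user owns the running mysqld process and the database directories.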