I hope this question isn't too dumb
My background is that I can do basic Linux stuff but I don't have much experience configuring the basic (L)AMP applications. I do
understand what security measures I need to take but not necessarily the commands to carry them out.
I'm in the middle of administrating a client's server and now have to make sure MySQL is set-up and configured securely. I've created a root password and can log in locally to access MySQL, but when I did
SELECT host, user, password FROM user;
to list the accounts in the mysql DB it returned five values:
localhost : root : PASSWORD
127.0.0.1 : root : PASSWORD
xx.xx.xx.xx.blah.blah.com : root : PASSWORD (this the address of the server from a reverse look-up)
127.0.0.1 : :
My questions are:
1. Do I need both the localhost and 127.0.0.1 entries for root?
2. When I update root's password, do the three entries all get updated?
3. What's the purpose of the two blank accounts? Can I delete them?
Any links to good info on securing MySQL would be appreciated as well.
Thanks in advance,