Summary


Privilege System

  • Stage 1: Check whether user @host is allowed to connect with this password.

  • Stage 2: Check each query to see whether this user@host has sufficient privilege. Check the user and host tables first, then db, and then tables_priv and columns_priv.

  • User table rows with more specific hosts are used in preference to those with less specific hosts.
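The following statements are an added illustration of the two stages and of the host-specificity rule; they are not from the book. The account name appuser, the schema appdb, its catalog table and the two passwords are made up for the example, and the CREATE USER syntax assumes MySQL 5.0.2 or later.

```sql
-- Two rows in mysql.user share the user name 'appuser' but differ in Host.
-- Stage 1 (authentication) picks the most specific matching row, so a
-- client on the local machine is checked against the 'localhost' row and
-- its password, never against the '%' row.
CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'local-only-secret';
CREATE USER 'appuser'@'%'         IDENTIFIED BY 'remote-secret';

-- Stage 2 (per-statement authorization) uses the privileges attached to
-- the row that won in stage 1. Here the local account may read and write
-- the whole application schema, while the wildcard account may only read
-- one table (a tables_priv entry rather than a db entry).
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.*       TO 'appuser'@'localhost';
GRANT SELECT                          ON appdb.catalog TO 'appuser'@'%';

-- After connecting, compare what the client claimed with what the server
-- matched: USER() is the user@host the client supplied, CURRENT_USER() is
-- the mysql.user row actually chosen (for a local socket connection it
-- reports appuser@localhost, not appuser@%).
SELECT USER(), CURRENT_USER();

-- And list the grants that apply to that chosen row.
SHOW GRANTS FOR CURRENT_USER();
```

The practical consequence for a defender is that a wildcard row such as 'appuser'@'%' never shadows a more specific one, but the reverse is also true: forgetting the specific row and relying only on '%' hands every host the same privilege set, so review both rows whenever an account is audited.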

Security Guidelines

  • Make sure you set a root password for MySQL.

  • Delete anonymous accounts; they allow access to strangers and may keep out legitimate users.

  • Be very careful about granting the privileges FILE, PROCESS, and WITH GRANT OPTION.

  • Encrypt application-level passwords with MD5() or CRYPT() rather than PASSWORD().

  • Don't run mysqld as the Unix root user. Create a low-privilege user specifically to run mysqld.

  • Limit access to mysqld to the MySQL low-privilege user.

  • Limit access to programs and scripts as necessary to the user. Use the principle of least privilege: Give users access only if they really need it!

  • Limit access to the data directory to the MySQL user.

  • Never trust data directly from the user. Always filter it in your application-level logic.

  • Turn on SSL connections if encrypted connections are required.

  • Remember to watch the physical security of your MySQL server!
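The statements below are an added example of applying the account-level guidelines above with SQL; they are not from the book. The account names webapp and appuser, the host 10.0.0.5, the schema appdb and both passwords are placeholders chosen for the example, and the ALTER USER and REQUIRE SSL syntax assumes MySQL 5.7.6 or later.

```sql
-- 1. Set a password for root; a root account with an empty password is
--    the first thing an attacker tries.
ALTER USER 'root'@'localhost' IDENTIFIED BY 'choose-a-strong-password';

-- 2. Anonymous accounts have an empty User column. List them, then drop
--    each one (repeat DROP USER for every Host the SELECT returns).
SELECT User, Host FROM mysql.user WHERE User = '';
DROP USER ''@'localhost';

-- 3. Find every account that holds FILE, PROCESS or GRANT OPTION, the
--    three privileges the book singles out as dangerous.
SELECT User, Host, File_priv, Process_priv, Grant_priv
  FROM mysql.user
 WHERE File_priv = 'Y' OR Process_priv = 'Y' OR Grant_priv = 'Y';

-- 4. Take them away from any application account that should not have them.
REVOKE FILE, PROCESS ON *.* FROM 'appuser'@'%';
REVOKE GRANT OPTION  ON *.* FROM 'appuser'@'%';

-- 5. Least privilege: one account per application, bound to the host it
--    connects from, with only the statements it needs on its own schema.
CREATE USER 'webapp'@'10.0.0.5' IDENTIFIED BY 'another-strong-password';
GRANT SELECT, INSERT, UPDATE ON appdb.* TO 'webapp'@'10.0.0.5';

-- 6. Require an encrypted connection for that account (the server must
--    already be started with ssl-cert and ssl-key for this to succeed).
ALTER USER 'webapp'@'10.0.0.5' REQUIRE SSL;

-- 7. Confirm the result.
SHOW GRANTS FOR 'webapp'@'10.0.0.5';
```

The operating-system items in the list are handled outside SQL: the `user=mysql` option in the [mysqld] section of my.cnf makes the server drop to a low-privilege Unix account at startup, and the data directory should be owned by that account with no access for others.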



MySQL Tutorial
ISBN: 0672325845
Year: 2003
Pages: 261
