MySQL - Securing MySQL Installation

If all clients are local clients, you can disable connections from remote clients by starting the server with the --skip-networking option, which disables TCP/IP connections. The server must then be able to accept local connections using some other networking protocol. This is not an issue on Unix, because servers always accept connections through a Unix socket file. On Windows, local clients can use shared-memory and named-pipe connections, but neither of those protocols is enabled by default. Start the server with the --shared-memory and --enable-named-pipe options to turn on these connection protocols.

Servers for MySQL 4.1 and up use an authentication mechanism that is more secure and provides better password protection. However, client programs from older versions do not understand this mechanism, and an error occurs when they attempt to connect to a newer server. The best thing to do, if possible, is to upgrade all older (pre-4.1) clients. If that cannot be done, and your server must support older clients, you must configure the server for backward compatibility using the --old-passwords option. However, you should start the server with this option before setting or changing any passwords. Otherwise, you will have passwords in a mix of old and new formats.

It is possible to have the server support both old and new authentication mechanisms, but this is more complex. See the MySQL Reference Manual.

If you want to take the opposite approach and allow connections only by clients that have new-format passwords, start the server with the --secure-auth option. This causes the server to reject connection attempts for any client that has a password in the old format.
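Before turning on --secure-auth, or to check whether passwords have ended up in a mix of old and new formats, it helps to classify the stored hashes. The following is an added example, not part of the original page: it assumes a tab-separated export of user, host and password hash from the server's account table, and relies on old-format hashes being 16 hex digits and new-format hashes being '*' followed by 40 hex digits. The sample rows are constructed.

```python
import re

# Constructed sample rows: User <TAB> Host <TAB> Password hash.
# The export layout is an assumption of this example, not taken from the page.
SAMPLE_ROWS = (
    "root\tlocalhost\t*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19\n"
    "app\t10.0.0.%\t5d2e19393cc5ef67\n"
    "report\tlocalhost\t*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29\n"
    "legacy\t%\t6f8c114b58f2ce9e\n"
    "anon\tlocalhost\t\n"
)

NEW_FORMAT = re.compile(r"\*[0-9A-Fa-f]{40}")  # 4.1 and up
OLD_FORMAT = re.compile(r"[0-9A-Fa-f]{16}")    # pre-4.1


def classify_hash(value):
    """Return 'new', 'old', 'empty' or 'unknown' for one stored hash."""
    if value == "":
        return "empty"
    if NEW_FORMAT.fullmatch(value):
        return "new"
    if OLD_FORMAT.fullmatch(value):
        return "old"
    return "unknown"


def audit(dump):
    """Group user@host accounts by the format of their stored hash."""
    report = {"new": [], "old": [], "empty": [], "unknown": []}
    for line in dump.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        user, host = fields[0], fields[1]
        password = fields[2].strip() if len(fields) > 2 else ""
        report[classify_hash(password)].append(f"{user}@{host}")
    return report


def summarize(report):
    """Answer the two questions the text raises about hash formats."""
    return {
        "mixed_formats": bool(report["new"]) and bool(report["old"]),
        "rejected_by_secure_auth": sorted(report["old"]),
        "no_password": sorted(report["empty"]),
    }


if __name__ == "__main__":
    print(summarize(audit(SAMPLE_ROWS)))
```

Accounts listed under rejected_by_secure_auth need their passwords reset in the new format before --secure-auth is enabled.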

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License