
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
238
|
Chapter 8: Database Security
You might also consider LDAP (Chapter 7). If your main use of a database is for user
authentication and you don’t need SQL, LDAP may be a faster and simpler solution.
Types of Security Problems
The problems a database server may encounter should sound familiar:
• Server compromise. Any software, especially code written in languages such as C
or C++, has the potential for buffer overflows, format-string attacks, and other
exploits that are by now all too familiar. And software written in any language
has logic errors and plain old blunders.
• Data theft. Data can be extracted from the database even if everything seems to
be configured well. It just takes one logical error or an overly permissive access
control.
• Data corruption or loss. The person in the mirror may do as much damage inad-
vertently as the hooded and cloaked database vandal does by design.
• Denial of Service. MySQL is fast but does not always degrade gracefully under
load. We’ll see how far it bends before it breaks, and how to prevent the latter.
Server Location
Where should you place a database server? The main factors are:
• Who will access the database?
• How important is the data?
Exposing a database directly to the public might earn you a call from the Society for
the Prevention of