Chapter 20. Securing MySQL

Databases contain critical data about a company's operations, customers, and history. Most companies would have a difficult time surviving a data loss or data theft. This chapter reviews the various features of MySQL that can be used to secure MySQL databases.

One of the worst assumptions a developer or administrator can make is "At this point, trust is assumed." Allowing an anonymous user, allowing a specific user to connect from any machine, and trusting data that was validated in an earlier step are all examples of assumed trust. These assumptions turn into security breaches as soon as the basis for that trust can be subverted.
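The first two assumptions above (an anonymous account, and an account valid from any host) can be audited and corrected directly in MySQL's grant tables. The following is an added example, not code from the book; it assumes MySQL 8.0 syntax, an application database named appdb, and an application server at 10.0.1.20 (both hypothetical).

```sql
-- Added example (not from the book): find and fix the two trust assumptions
-- named above. Assumes MySQL 8.0, a database called appdb and an application
-- server that connects from 10.0.1.20 (hypothetical values).

-- 1. Audit: anonymous accounts have an empty User; accounts with Host '%'
--    are accepted from any machine that can reach the server.
SELECT User, Host, plugin
FROM mysql.user
WHERE User = '' OR Host = '%';

-- 2. Weak setting (shown for contrast, intentionally not executed): an
--    anonymous account plus an application account usable from anywhere
--    with every privilege on the database.
-- CREATE USER ''@'localhost';
-- CREATE USER 'app'@'%' IDENTIFIED BY 'secret';
-- GRANT ALL PRIVILEGES ON appdb.* TO 'app'@'%';

-- 3. Corrected setting: remove the anonymous account, tie the application
--    account to the one host it actually connects from, and grant only the
--    statements the application needs rather than ALL PRIVILEGES.
DROP USER IF EXISTS ''@'localhost';
DROP USER IF EXISTS 'app'@'%';
CREATE USER 'app'@'10.0.1.20' IDENTIFIED BY 'replace-with-a-long-random-password';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'app'@'10.0.1.20';

-- 4. Verify the effective ACL for the account. Account-management statements
--    take effect immediately; no FLUSH PRIVILEGES is required.
SHOW GRANTS FOR 'app'@'10.0.1.20';
```

Re-running the audit query in step 1 should return no rows once the anonymous and wildcard-host accounts have been removed.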

Having many different layers of security is called defense in depth. It is a critical strategy that is often overlooked. It is all too easy to believe that there are no vulnerabilities and no ways to bypass security measures on operating systems, databases, application code, web servers, application servers, and firewalls. Unfortunately, it is possible that one or more of the security mechanisms in place may fail. With defense in depth, a failure of one layer need not result in a security incident.

Access Control Lists

An access control list (ACL) is a list of associated permissions. This list specifies which users are allowed to perform operations on an object. In MySQL, the object can be global or tied to ...
