MySQL claims to be “The world's most popular open source database,” and with good reason. It's free, and runs on a wide variety of platforms. It's relatively simple, easy to configure, and performs well even under significant load. By comparison to some of the other databases discussed in this volume, it is quite simple, but still has a sufficiently wide variety of security-relevant configuration issues to make securing it a challenge.
MySQL is a somewhat unusual open source project in that the source code for the database server is owned by a company (MySQL AB, based in Sweden) and released under both the GPL and a commercial license. The commercial license comes with a support package, but more importantly, it enables other companies to incorporate the MySQL engine into their product without making their product open source.
MySQL AB recommends that the database server be installed from a binary package rather than by building the source code. Binary packages are available for the following:
and the source code itself will build on an even wider variety of platforms.
Most of the discussions in this chapter refer to the GPL version of MySQL version 4.0 and 4.1 — which is the latest production version and contains a number of important security fixes, notably significant changes to the authentication protocol ...