Background

If you're going to keep up with the attackers, it's important to have up-to-date sources of information. Here are a few pointers toward good reading material on MySQL security:

  1. Read the MySQL security guidelines at http://dev.mysql.com/doc/mysql/en/Security.html.

    MySQL AB has an extremely responsive security team and they feed back the information they glean from third parties and bug reports into their documentation. Consequently, the security documentation associated with MySQL is very good — up-to-date, fairly comprehensive, and easily understandable. This should be your first port of call for security info relating to MySQL.

  2. Visit http://www.mysql.com/products/mysql/ often, and check for updates.

    MySQL releases new versions of the database frequently. Each release comes with a comprehensive change log that details everything that was added or fixed in the new version. These logs often make interesting reading. It's up to you to decide whether to upgrade to the latest version — the effort of doing so may not be justified in your particular case — but it's certainly worth monitoring releases to see what's new. If you're at the stage in a project where you have some time to decide on a DBMS and you're looking at MySQL, this is a good place to go for a deeper understanding of which version supports which feature — and what security bugs are present in older versions.

  3. Know your bugs! Check vulnerability databases such as SecurityFocus and ICAT regularly ...
