Chapter 12. MySQL and Security
As a MySQL administrator, you are responsible for maintaining the security and integrity of your MySQL installation. Chapter 11, "General MySQL Administration," already touched on a few security-related topics, such as the importance of setting up the initial MySQL root account passwords and how to set up user accounts. Those topics were dealt with as part of the process of getting your installation up and running. In this chapter, we'll look more closely at security-related issues:
The MySQL administrator is responsible for keeping the contents of databases secure so that records can be accessed by only those who have the proper authorization. This involves both internal and external security. Internal security concerns the issues that arise in relation to other users who have direct access to the MySQL server hostthat is, other users who have login accounts on that host. Generally, internal security exploits involve filesystem access, so you need to protect the contents of your MySQL installation from being attacked by people who have accounts on the machine on which the server runs. In particular, the server's data directory should be owned and controlled by the login account used for running the MySQL server. If you don't do this, your other security-related efforts may be compromised. For example, you'll want to make sure you've properly set up the MySQL accounts listed in the grant tables that control client connections over the network, but the integrity of those tables depends on adequate filesystem protection. If the access mode for the data directory contents is too permissive, someone might be able to put in place an entirely different client access policy by replacing the files that correspond to the grant tables.
External security concerns the issues involved with clients connecting from outside. It's necessary to protect the MySQL server from being attacked through connections coming in over the network asking for access to database contents. You should set up the MySQL grant tables so that they don't allow access to the databases managed by the server unless a valid name and password are supplied. Another danger is that it may be possible for a third party to monitor the network and capture traffic between the server and a client. If this is a concern, you may want to configure your MySQL installation to support connections that use the Secure Sockets Layer (SSL) protocol.
This chapter provides a guide to the security issues you should be aware of and gives instructions showing how to prevent unauthorized access at both the internal and external levels. The chapter often refers to the login account used for running the MySQL server and for performing other MySQL-related administrative tasks. The user and group names used here for this account both are mysql. Change the names in the examples if you use other user and group names (for example, if you run the MySQL server using your own login account).