Chapter 12. Security

As a MySQL administrator, you are responsible for maintaining the security and integrity of your MySQL installation. Chapter 11, "General MySQL Administration," already touched on a few security-related topics, such as the importance of setting up the initial MySQL root password and how to set up user accounts. Those topics were dealt with as part of the process of getting your installation up and running. In this chapter, we'll look more closely at security-related issues:

  • Why security is important and what kind of attacks you should guard against

  • Risks you face from other users with login accounts on the server host (internal security) and what you can do about them

  • Risks you face from clients connecting to the server over the network (external security) and what you can do about them

The MySQL administrator is responsible for keeping the contents of databases secure so that only those who have the proper authorization can access records. This involves both internal and external security. Internal security concerns the issues that arise in relation to other users who have direct access to the MySQL server host, that is, other users who have login accounts on that host. Generally, internal security exploits involve file system access, so you'll want to protect the contents of your MySQL installation from being attacked by people who have accounts on the machine on which the server runs. In particular, the data directory should be owned and controlled by the administrative MySQL login account used for running the server. If you don't do this, your other security-related efforts may be compromised. For example, you'll want to make sure you've properly set up the accounts listed in the grant tables that control client connections over the network. But if the access mode for the data directory contents is too permissive, someone might be able to put in place an entirely different client access policy by replacing the files that correspond to the grant tables.

External security concerns the issues involved with clients connecting from outside. It's necessary to protect the MySQL server from being attacked through connections coming in over the network asking for access to database contents. You should set up the MySQL grant tables so they don't allow access to the databases managed by the server unless a valid name and password are supplied. Another danger is that it may be possible for a third party to monitor the network and capture traffic between the server and a client. If this is a concern, you may want to configure your MySQL installation to support connections that use the Secure Sockets Layer (SSL) protocol.

This chapter provides a guide to the issues you should be aware of and gives instructions showing how to prevent unauthorized access at both the internal and external levels. The chapter often refers to the login account used for running the MySQL server and for performing other MySQL-related administrative tasks. The user and group names used here for this account are mysqladm and mysqlgrp. Change the names in the examples if you use other user and group names.
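The data directory check described above can be scripted. The following is an added example, not code from the original chapter: a shell function that reports data directory entries not owned by mysqladm and mysqlgrp, or whose mode is too permissive. The data directory path you pass in, and the choice to flag group write access and any access by other users, are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a MySQL data directory for lax ownership or modes.
# Usage: audit_datadir DATADIR [OWNER] [GROUP]
# OWNER and GROUP default to the chapter's mysqladm and mysqlgrp names.
# Returns 0 if clean, 1 if findings were printed, 2 if the audit could not run.
audit_datadir() {
    datadir=$1
    owner=${2:-mysqladm}
    group=${3:-mysqlgrp}

    [ -d "$datadir" ] || { echo "not a directory: $datadir" >&2; return 2; }

    # Entries not owned by the administrative account and its group.
    # find fails if the account does not exist on this host; report that as 2.
    wrong_owner=$(find "$datadir" \
        \( ! -user "$owner" -o ! -group "$group" \) -print) || return 2

    # Entries writable by the group, or readable, writable or executable by
    # other users. Write access is what lets a local user replace the files
    # behind the grant tables. Symlinks are skipped because their own mode
    # bits are not meaningful.
    too_open=$(find "$datadir" ! -type l \
        \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -print) || return 2

    status=0
    if [ -n "$wrong_owner" ]; then
        printf 'Not owned by %s:%s:\n%s\n' "$owner" "$group" "$wrong_owner"
        status=1
    fi
    if [ -n "$too_open" ]; then
        printf 'Group-writable or accessible to other users:\n%s\n' "$too_open"
        status=1
    fi
    return $status
}

# Run the audit only when a data directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_datadir "$@"
fi
```
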