Chapter 12. Security

The focus of this chapter is on what you can do as a MySQL administrator to maintain the security and integrity of your MySQL installation. We have already touched on a few security-related topics in Chapter 11, "General MySQL Administration," such as the importance of setting up the initial MySQL root password and how to set up user accounts. Those topics were dealt with as part of the process of getting your installation up and running. In this chapter, we'll look more closely at security-related issues:

  • Why security is important and what kind of attacks you should guard against

  • What risks you face from users on the server host (internal security) and what you can do about them

  • What risks you face from clients connecting to the server over the network (external security) and what you can do about them

The MySQL administrator is responsible for keeping the contents of databases secure so that records can be accessed only by those who have the proper authorization. This involves both internal and external security.

Internal security concerns the issues involved at the file system level—that is, protecting the MySQL data directory from attack by people who have accounts on the machine on which the server runs. It won't do you much good to make sure the grant tables controlling client access over the network are set up properly if the file permissions on the data directory contents are so permissive that someone can simply replace the files corresponding to those tables!
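The following audit is an added example, not code from the book: it walks a data directory and reports every entry that grants access to group or other users, separating directories whose contents can be replaced from files that can be modified or only read. It assumes GNU find (`-perm /mode`, `-printf`); the function name `audit_datadir` and the `replace`/`modify`/`read` labels are hypothetical, and you pass your own server's data directory as the argument.

```shell
#!/bin/sh
# Added example: report data directory entries that are accessible to
# accounts other than the owner. Assumes GNU find.
#
# Output labels (hypothetical names chosen for this example):
#   replace DIR   directory is group/other writable, so the files in it
#                 can be removed or swapped out, whatever their own modes
#   modify  FILE  file is group/other writable
#   read    PATH  entry is group/other readable or searchable only
#
# Returns 0 when nothing is exposed, 1 when findings exist, 2 on bad input.
audit_datadir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    findings=$(
        # Write permission on a directory is what allows file replacement.
        find "$dir" -type d -perm /022 -printf 'replace %p\n'
        # Write permission on a file allows in-place tampering.
        find "$dir" -type f -perm /022 -printf 'modify %p\n'
        # No write bits, but contents or names are still exposed.
        find "$dir" \( -type f -o -type d \) ! -perm /022 -perm /055 \
            -printf 'read %p\n'
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: sh audit.sh /path/to/datadir
if [ $# -gt 0 ]; then
    audit_datadir "$1"
fi
```

The check covers permission bits only; confirming that every entry is owned by the account the server runs as is a separate step.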

External security concerns the issues involved with clients connecting from outside—that is, protecting the MySQL server from attack through connections coming in over the network to the server asking for access to database contents. You want to set up the MySQL grant tables so they don't allow access to the databases managed by the server unless a valid name and password are supplied.

This chapter provides a guide to the issues you should be aware of and gives instructions showing how to prevent unauthorized access at both the internal and external levels.
