Information security for any database system, not just
MySQL, starts with a layered approach.
Information systems are built in layers, and each has its own
In this article, we’ll take a look at some general
principles for securing MySQL servers. Then we’ll focus on three layers: the
configuration of MySQL itself, and its two main models of MySQL security: Authentication
(connections) and Authorization (permissions).
A layered approach
Bruce Schneier, in his book Secrets and Lies: Digital
Security in a Networked World, writes that “threat modeling is the
first step in any security solution.”
If you don’t know how someone might compromise the system, how can you
design ways to prevent them from doing so?
Also, no single method of security is perfect: each has gaps
and flaws. By layering multiple methods, the combination is much stronger. An
attacker has to cross multiple barriers to compromise the system. Table A
illustrates some of these security layers.
The foundation layer is the physical security of the
machine. An attacker who can access the machine itself and its console can
circumvent all the other layers. It’s tempting to put up a MySQL Server at
someone’s desk because it’s easy to download and install, and the community
version is free. Some servers start out that way, as test and development
boxes. But desktop machines must support many purposes, and are not likely to
be configured securely. They’re not backed up as regularly, may not have
reliable power, and are more exposed to physical damage as well as passersby. Any
system with data worth protecting needs to be located in a secure server room.