Tips to secure MySQL databases

From: Eric David B.
Sent on: Monday, March 5, 2012 3:24 PM

Hi NYC MySQL Group Members,

I have received a number of really slick MySQL security tips (essentially a security "cheat-sheet") from the database security experts at GreenSQL, which I would like to share with the group.

Verifying database security readiness + applying advanced database protection methods comes down to a couple of simple steps:

1) Hardening MySQL server

2) Controlling MySQL access 

3) Defining user and system privileges

4) Using encryption on your MySQL

Here are more specifics on the 4 steps:

1)     Hardening MySQL server

·        Install anti-virus and anti-spam software

·        Configure the operating system firewall

·        Consider the safety of your server’s physical location 

·        Install the services you intend the machine to run 

·        Harden the production server and services

·        Disable unnecessary services             

·        Install security updates for your operating system

·        Follow vendors’ recommendations regarding security patches

 

2)     Controlling MySQL access

·        Consider whether MySQL will be accessed from the network or only from its own server

·        Disable the use of Local Infile

·        Modify the root username and password

·        Remove the «test» database or any default databases

 

3)     Defining user and system privileges

·        To protect your database, make sure that the file directory on which the MySQL database is actually stored is owned by the user «mysql» and the group «mysql» (“ls -l /var/lib/mysql”)

·        Only administrator accounts should be granted the specific privileges and access to the MySQL database


4)     Using encryption on your MySQL

·        Encrypt the database partition to protect against data theft when a third party is working on-site

·        Enable column-based encryption to ensure that decryption can only be done by the dedicated application.

As many DBAs have put it, it's better for the information to be safe than for us DBAs to be sorry! GreenSQL has compiled more great tips like these in their MySQL Security Best Practices White Paper.

Also, you can learn more by attending the GreenSQL webinar on Tuesday, March 20, 2012, 10:00 am - 11:00 am EDT, to learn how to protect your most sensitive information. Click here to register.

If you have any database security questions, the GreenSQL Database Security Team are a bunch of really nice awesome people who make themselves available to assist you, just email them :) [address removed]
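
The step 2 items above can be checked mechanically. The following is an added example, not part of the original message or of GreenSQL's material: it audits the [mysqld] section of an option file plus account and database lists, which are assumed to come from "SELECT user, host FROM mysql.user" and "SHOW DATABASES". The function names, sample option files and account names are constructed for illustration.

```python
import configparser

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
ON, OFF = {"1", "on", "true"}, {"0", "off", "false"}

def mysqld_options(cnf_text):
    """Parse the [mysqld] section; MySQL treats '-' and '_' in option names alike."""
    # configparser cannot read !include / !includedir directives, so drop them.
    lines = [l for l in cnf_text.splitlines() if not l.lstrip().startswith("!")]
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None, inline_comment_prefixes=("#",))
    cp.read_string("\n".join(lines))
    if not cp.has_section("mysqld"):
        return {}
    return {k.replace("-", "_"): v for k, v in cp.items("mysqld")}

def audit(cnf_text, accounts, databases, local_only=True):
    """Return findings for the step 2 checklist items."""
    opts, findings = mysqld_options(cnf_text), []
    # "Disable the use of Local Infile": require an explicit off value.
    if str(opts.get("local_infile", "")).strip().lower() not in OFF:
        findings.append("local_infile is not explicitly disabled")
    # Own server only: expect skip-networking or a loopback bind address.
    if local_only:
        skip = opts.get("skip_networking", "0")
        skip_on = skip is None or skip.strip().lower() in ON
        if not skip_on and (opts.get("bind_address") or "").strip() not in LOOPBACK:
            findings.append("mysqld is not restricted to local connections")
    if any(user == "root" for user, _host in accounts):
        findings.append("an account is still named root")
    if "test" in databases:
        findings.append("the test database still exists")
    return findings

# Constructed sample inputs: one weak configuration, one hardened.
WEAK_CNF = "[mysqld]\nbind-address = 0.0.0.0\nlocal-infile = 1\n!includedir /etc/mysql/conf.d/\n"
WEAK_ACCOUNTS = [("root", "localhost"), ("app", "10.0.0.5")]
WEAK_DBS = ["mysql", "test", "shop"]
HARD_CNF = "[mysqld]\nskip-networking\nlocal_infile = 0  # LOAD DATA LOCAL off\n"
HARD_ACCOUNTS = [("dba_admin", "localhost")]
HARD_DBS = ["mysql", "shop"]

if __name__ == "__main__":
    for finding in audit(WEAK_CNF, WEAK_ACCOUNTS, WEAK_DBS):
        print("FINDING:", finding)
```

Pass local_only=False when the server is meant to be reached from the network; the bind-address check is then skipped and the other three still apply.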
