only for RuBoard - do not distribute or recompile |
Among the many tasks of database administrators and architects is the critical one of making sure only the proper users can access data stored in the database. Ensuring proper data access (security) comes in many forms. For example:
Database administrators (DBAs) manage access to the database engine itself. They provide access to individual databases for specific applications and developers. They also make sure that a poorly designed application cannot be used as a tunnel into the data of another application.
System administrators manage the security of the operating system and hardware on which MySQL runs. Their job is to ensure that only MySQL DBAs have access to the physical files used by MySQL on a given machine. In many MySQL environments, the DBA and system administrator are the same person.
Database architects design access control within the applications to which the DBAs have granted database access. A DBA, for example, may have given a web site full CREATE, INSERT, UPDATE, and DELETE privileges to its database, but it is up to the database architect to ensure that only valid application users are taking advantage of those privileges.
A security failure at any one of these points can compromise the integrity of all the data in the database engine. In this chapter, we examine how to secure MySQL at all levels.