Oracle considers cloud security its highest priority. The following security features help keep your data safe and secure.
Database access control and account management
MySQL provides security features to control access and manage your account. See Access Control and Account Management.
MySQL HeatWave on AWS supports a plugin library that enables Administrators to introduce an increasing delay in server response to connection attempts after a configurable number of consecutive failed attempts. This capability provides a deterrent that slows down brute force attacks against MySQL user accounts. The default connection control settings, which cannot be modified, are as follows:
Encryption at rest
Your data is always encrypted at rest. MySQL HeatWave on AWS uses Amazon EBS encryption. Boot volumes are encrypted on MySQL DB System and HeatWave nodes, and the database volume is encrypted on the MySQL DB System. For information about EBS encryption, see Amazon EBS Encryption, in the Amazon EC2 User Guide for Linux Instances.
Encryption in transit
Your data is always encrypted while in transit. MySQL HeatWave on AWS supports TLSv1.2 and requires that all MySQL client and application connections are encrypted. For added security, download a signed certificate bundle to enable host name identity verification for connecting clients and applications. For more information, see Section 5.4, “Enabling Host Name Identity Verification”.
MySQL Enterprise Data Masking and De-Identification
Use data masking and de-identification to protect your sensitive data. MySQL HeatWave on AWS supports various MySQL data masking functions that mask data to remove identifying characteristics and generate random data with specific characteristics. The following data masking functions are supported:
For more information, see MySQL Enterprise Data Masking and De-Identification.
MySQL HeatWave on AWS enforces strong passwords with the
validate_passwordcomponent, serves to improve security by requiring account passwords and enabling strength testing of potential passwords. The default value of the variables of the validate_password component are as follows, and you cannot change the default values:
Make sure your applications comply with the password requirements. For more information, see The Password Validation Component.
MySQL Enterprise Firewall
MySQL Enterprise Firewall enables database Administrators to permit or deny SQL statement execution based on matching against lists of accepted statement patterns. This helps harden MySQL against attacks such as SQL injection or attempts to exploit applications by using them outside of their legitimate query workload characteristics. For more information, see MySQL Enterprise Firewall.