Contact MySQL |
Login | Register

The world's most popular open source database

Developer Zone Downloads MySQL.com

Documentation

Section Menu:

version 5.6

8.0 current
5.7
5.5

Security in MySQL

Abstract

This is the MySQL Security Guide extract from the MySQL 5.6 Reference Manual.

For legal information, see the Legal Notices.

For help with using MySQL, please visit either the MySQL Forums or MySQL Mailing Lists, where you can discuss your issues with other MySQL users.

Document generated on: 2018-12-19 (revision: 60415)

Table of Contents [+/-]

Preface and Legal Notices

2 General Security Issues [+/-]

2.1 Security Guidelines

2.2 Keeping Passwords Secure [+/-]

2.2.1 End-User Guidelines for Password Security
2.2.2 Administrator Guidelines for Password Security
2.2.3 Passwords and Logging
2.2.4 Password Hashing in MySQL
2.2.5 Implications of Password Hashing Changes in MySQL 4.1 for Application Programs

2.3 Making MySQL Secure Against Attackers

2.4 Security-Related mysqld Options and Variables

2.5 How to Run MySQL as a Normal User

2.6 Security Issues with LOAD DATA LOCAL

2.7 Client Programming Security Guidelines

3 Postinstallation Setup and Testing [+/-]

3.1 Initializing the Data Directory [+/-]

3.1.1 Problems Running mysql_install_db

3.2 Starting the Server [+/-]

3.2.1 Troubleshooting Problems Starting the MySQL Server

3.3 Testing the Server

3.4 Securing the Initial MySQL Accounts

3.5 Starting and Stopping MySQL Automatically

4 The MySQL Access Privilege System [+/-]

4.1 Privileges Provided by MySQL
4.2 Grant Tables
4.3 Specifying Account Names
4.4 Access Control, Stage 1: Connection Verification
4.5 Access Control, Stage 2: Request Verification
4.6 When Privilege Changes Take Effect
4.7 Troubleshooting Problems Connecting to MySQL

5 MySQL User Account Management [+/-]

5.1 User Names and Passwords
5.2 Adding User Accounts
5.3 Removing User Accounts
5.4 Setting Account Resource Limits
5.5 Assigning Account Passwords
5.6 Password Expiration and Sandbox Mode
5.7 Pluggable Authentication
5.8 Proxy Users
5.9 SQL-Based MySQL Account Activity Auditing

6 Using Encrypted Connections [+/-]

6.1 Configuring MySQL to Use Encrypted Connections

6.2 Command Options for Encrypted Connections

6.3 Creating SSL and RSA Certificates and Keys [+/-]

6.3.1 Creating SSL Certificates and Keys Using openssl
6.3.2 Creating RSA Keys Using openssl

6.4 OpenSSL Versus yaSSL

6.5 Building MySQL with Support for Encrypted Connections

6.6 Encrypted Connection Protocols and Ciphers

6.7 Connecting to MySQL Remotely from Windows with SSH

7 Security Plugins [+/-]

7.1 Authentication Plugins [+/-]

7.1.1 Native Pluggable Authentication
7.1.2 Old Native Pluggable Authentication
7.1.3 Migrating Away from Pre-4.1 Password Hashing and the mysql_old_password Plugin
7.1.4 SHA-256 Pluggable Authentication
7.1.5 Client-Side Cleartext Pluggable Authentication
7.1.6 PAM Pluggable Authentication
7.1.7 Windows Pluggable Authentication
7.1.8 Socket Peer-Credential Pluggable Authentication
7.1.9 Test Pluggable Authentication

7.2 The Connection-Control Plugins [+/-]

7.2.1 Connection-Control Plugin Installation
7.2.2 Connection-Control System and Status Variables

7.3 The Password Validation Plugin [+/-]

7.3.1 Password Validation Plugin Installation
7.3.2 Password Validation Plugin Options and Variables

7.4 MySQL Enterprise Audit [+/-]

7.4.1 Installing MySQL Enterprise Audit
7.4.2 MySQL Enterprise Audit Security Considerations
7.4.3 Audit Log File Formats
7.4.4 Audit Log Logging Control
7.4.5 Audit Log Filtering
7.4.6 Audit Log Reference
7.4.7 Audit Log Restrictions

7.5 MySQL Enterprise Firewall [+/-]

7.5.1 MySQL Enterprise Firewall Components
7.5.2 Installing or Uninstalling MySQL Enterprise Firewall
7.5.3 Using MySQL Enterprise Firewall
7.5.4 MySQL Enterprise Firewall Reference

A MySQL 5.6 FAQ: Security

HOME NEXT