Table of Contents
- 6.1 Authentication Plugins
- 6.1.1 Native Pluggable Authentication
- 6.1.2 Old Native Pluggable Authentication
- 6.1.3 Migrating Away from Pre-4.1 Password Hashing and the mysql_old_password Plugin
- 6.1.4 SHA-256 Pluggable Authentication
- 6.1.5 Client-Side Cleartext Pluggable Authentication
- 6.1.6 PAM Pluggable Authentication
- 6.1.7 Windows Pluggable Authentication
- 6.1.8 Socket Peer-Credential Pluggable Authentication
- 6.1.9 Test Pluggable Authentication
- 6.2 The Connection-Control Plugins
- 6.3 The Password Validation Plugin
- 6.4 MySQL Enterprise Audit
- 6.5 MySQL Enterprise Firewall
MySQL includes several plugins that implement security features:
Plugins for authenticating attempts by clients to connect to MySQL Server. Plugins are available for several authentication protocols. For general discussion of the authentication process, see Section 4.11, “Pluggable Authentication”. For characteristics of specific authentication plugins, see Section 6.1, “Authentication Plugins”.
A password-validation plugin for implementing password strength policies and assessing the strength of potential passwords. See Section 6.3, “The Password Validation Plugin”.
(MySQL Enterprise Edition only) MySQL Enterprise Audit, implemented using a server plugin, uses the open MySQL Audit API to enable standard, policy-based monitoring and logging of connection and query activity executed on specific MySQL servers. Designed to meet the Oracle audit specification, MySQL Enterprise Audit provides an out of box, easy to use auditing and compliance solution for applications that are governed by both internal and external regulatory guidelines. See Section 6.4, “MySQL Enterprise Audit”.
(MySQL Enterprise Edition only) MySQL Enterprise Firewall, an application-level firewall that enables database administrators to permit or deny SQL statement execution based on matching against whitelists of accepted statement patterns. This helps harden MySQL Server against attacks such as SQL injection or attempts to exploit applications by using them outside of their legitimate query workload characteristics. See Section 6.5, “MySQL Enterprise Firewall”.