MySQL 5.7 Reference Manual
MySQL 5.7 Release Notes
Abstract
This is the MySQL Security Guide extract from the MySQL 5.7 Reference Manual.
For legal information, see the Legal Notices.
For help with using MySQL, please visit the MySQL Forums, where you can discuss your issues with other MySQL users.
Document generated on: 2024-12-06 (revision: 80403)
Table of Contents
- Preface and Legal Notices
- 1 Security
- 2 General Security Issues
- 3 Postinstallation Setup and Testing
- 4 Access Control and Account Management
- 4.1 Account User Names and Passwords
- 4.2 Privileges Provided by MySQL
- 4.3 Grant Tables
- 4.4 Specifying Account Names
- 4.5 Access Control, Stage 1: Connection Verification
- 4.6 Access Control, Stage 2: Request Verification
- 4.7 Adding Accounts, Assigning Privileges, and Dropping Accounts
- 4.8 Reserved Accounts
- 4.9 When Privilege Changes Take Effect
- 4.10 Assigning Account Passwords
- 4.11 Password Management
- 4.12 Server Handling of Expired Passwords
- 4.13 Pluggable Authentication
- 4.14 Proxy Users
- 4.15 Account Locking
- 4.16 Setting Account Resource Limits
- 4.17 Troubleshooting Problems Connecting to MySQL
- 4.18 SQL-Based Account Activity Auditing
- 5 Using Encrypted Connections
- 6 Security Plugins
- 6.1 Authentication Plugins
- 6.1.1 Native Pluggable Authentication
- 6.1.2 Old Native Pluggable Authentication
- 6.1.3 Migrating Away from Pre-4.1 Password Hashing and the mysql_old_password Plugin
- 6.1.4 Caching SHA-2 Pluggable Authentication
- 6.1.5 SHA-256 Pluggable Authentication
- 6.1.6 Client-Side Cleartext Pluggable Authentication
- 6.1.7 PAM Pluggable Authentication
- 6.1.8 Windows Pluggable Authentication
- 6.1.9 LDAP Pluggable Authentication
- 6.1.10 No-Login Pluggable Authentication
- 6.1.11 Socket Peer-Credential Pluggable Authentication
- 6.1.12 Test Pluggable Authentication
- 6.1.13 Pluggable Authentication System Variables
- 6.2 The Connection-Control Plugins
- 6.3 The Password Validation Plugin
- 6.4 The MySQL Keyring
- 6.4.1 Keyring Plugin Installation
- 6.4.2 Using the keyring_file File-Based Keyring Plugin
- 6.4.3 Using the keyring_encrypted_file Encrypted File-Based Keyring Plugin
- 6.4.4 Using the keyring_okv KMIP Plugin
- 6.4.5 Using the keyring_aws Amazon Web Services Keyring Plugin
- 6.4.6 Supported Keyring Key Types and Lengths
- 6.4.7 Migrating Keys Between Keyring Keystores
- 6.4.8 General-Purpose Keyring Key-Management Functions
- 6.4.9 Plugin-Specific Keyring Key-Management Functions
- 6.4.10 Keyring Metadata
- 6.4.11 Keyring Command Options
- 6.4.12 Keyring System Variables
- 6.5 MySQL Enterprise Audit
- 6.5.1 Elements of MySQL Enterprise Audit
- 6.5.2 Installing or Uninstalling MySQL Enterprise Audit
- 6.5.3 MySQL Enterprise Audit Security Considerations
- 6.5.4 Audit Log File Formats
- 6.5.5 Configuring Audit Logging Characteristics
- 6.5.6 Reading Audit Log Files
- 6.5.7 Audit Log Filtering
- 6.5.8 Writing Audit Log Filter Definitions
- 6.5.9 Disabling Audit Logging
- 6.5.10 Legacy Mode Audit Log Filtering
- 6.5.11 Audit Log Reference
- 6.5.12 Audit Log Restrictions
- 6.6 MySQL Enterprise Firewall
- A MySQL 5.7 FAQ: Security