MySQL Enterprise Firewall is based on a plugin library that includes these elements:
A server-side plugin named
MYSQL_FIREWALLexamines SQL statements before they execute and, based on the registered firewall profiles, renders a decision whether to execute or reject each statement.
MYSQL_FIREWALLplugin, along with server-side plugins named
MYSQL_FIREWALL_WHITELISTimplement Performance Schema and
INFORMATION_SCHEMAtables that provide views into the registered profiles.
Profiles are cached in memory for better performance. Tables in the
mysqlsystem database provide backing storage of firewall data for persistence of profiles across server restarts.
Stored procedures perform tasks such as registering firewall profiles, establishing their operational mode, and managing transfer of firewall data between the cache and persistent storage.
Administrative functions provide an API for lower-level tasks such as synchronizing the cache with persistent storage.
System variables enable firewall configuration and status variables provide runtime operational information.
FIREWALL_USERprivileges enable users to administer firewall rules for any user, and their own firewall rules, respectively.
FIREWALL_EXEMPTprivilege (available as of MySQL 8.0.27) exempts a user from firewall restrictions. This is useful, for example, for any database administrator who configures the firewall, to avoid the possibility of a misconfiguration causing even the administrator to be locked out and unable to execute statements.