Documentation Home
Security in MySQL
Related Documentation Download this Excerpt
PDF (US Ltr) - 2.0Mb
PDF (A4) - 2.0Mb
HTML Download (TGZ) - 423.8Kb
HTML Download (Zip) - 430.9Kb


Security in MySQL  /  ...  /  Elements of MySQL Enterprise Firewall

6.7.1 Elements of MySQL Enterprise Firewall

MySQL Enterprise Firewall is based on a plugin library that includes these elements:

  • A server-side plugin named MYSQL_FIREWALL examines SQL statements before they execute and, based on its in-memory data cache, renders a decision whether to execute or reject each statement.

  • Server-side plugins named MYSQL_FIREWALL_USERS and MYSQL_FIREWALL_WHITELIST implement INFORMATION_SCHEMA tables that provide views into the in-memory firewall cache.

  • Tables in the mysql system database provide persistent backing storage of firewall data.

  • Stored procedures perform tasks such as registering firewall subjects (entities to which the firewall applies), establishing their operational mode, and managing transfer of firewall data between the in-memory cache and persistent storage.

  • User-defined functions provide an SQL-level API for lower-level tasks such as synchronizing the cache with persistent storage.

  • System variables enable firewall configuration and status variables provide runtime operational information.

  • The FIREWALL_ADMIN and FIREWALL_USER privileges enable users to administer firewall rules for any user, and their own firewall rules, respectively.