Documentation Home
Security in MySQL
Related Documentation Download this Excerpt
PDF (US Ltr) - 2.1Mb
PDF (A4) - 2.1Mb
HTML Download (TGZ) - 444.7Kb
HTML Download (Zip) - 452.0Kb


Security in MySQL  /  ...  /  Elements of MySQL Enterprise Firewall

6.7.1 Elements of MySQL Enterprise Firewall

MySQL Enterprise Firewall is based on a plugin library that includes these elements:

  • A server-side plugin named MYSQL_FIREWALL examines SQL statements before they execute and, based on the registered firewall profiles, renders a decision whether to execute or reject each statement.

  • The MYSQL_FIREWALL plugin, along with server-side plugins named MYSQL_FIREWALL_USERS and MYSQL_FIREWALL_WHITELIST implement Performance Schema and INFORMATION_SCHEMA tables that provide views into the registered profiles.

  • Profiles are cached in memory for better performance. Tables in the mysql system database provide backing storage of firewall data for persistence of profiles across server restarts.

  • Stored procedures perform tasks such as registering firewall profiles, establishing their operational mode, and managing transfer of firewall data between the cache and persistent storage.

  • User-defined functions provide an API for lower-level tasks such as synchronizing the cache with persistent storage.

  • System variables enable firewall configuration and status variables provide runtime operational information.

  • The FIREWALL_ADMIN and FIREWALL_USER privileges enable users to administer firewall rules for any user, and their own firewall rules, respectively.