Documentation Home
MySQL 5.7 Reference Manual
Related Documentation Download this Manual
PDF (US Ltr) - 37.8Mb
PDF (A4) - 37.8Mb
PDF (RPM) - 36.4Mb
HTML Download (TGZ) - 9.9Mb
HTML Download (Zip) - 9.9Mb
HTML Download (RPM) - 8.6Mb
Man Pages (TGZ) - 209.5Kb
Man Pages (Zip) - 318.7Kb
Info (Gzip) - 3.5Mb
Info (Zip) - 3.5Mb
Excerpts from this Manual

Chapter 6 Security

Table of Contents     [+/-]

6.1 General Security Issues     [+/-]
6.2 The MySQL Access Privilege System     [+/-]
6.3 MySQL User Account Management     [+/-]
6.4 Using Encrypted Connections     [+/-]
6.5 Security Plugins     [+/-]

When thinking about security within a MySQL installation, you should consider a wide range of possible topics and how they affect the security of your MySQL server and related applications:

  • General factors that affect security. These include choosing good passwords, not granting unnecessary privileges to users, ensuring application security by preventing SQL injections and data corruption, and others. See Section 6.1, “General Security Issues”.

  • Security of the installation itself. The data files, log files, and the all the application files of your installation should be protected to ensure that they are not readable or writable by unauthorized parties. For more information, see Section 2.10, “Postinstallation Setup and Testing”.

  • Access control and security within the database system itself, including the users and databases granted with access to the databases, views and stored programs in use within the database. For more information, see Section 6.2, “The MySQL Access Privilege System”, and Section 6.3, “MySQL User Account Management”.

  • The features offered by security-related plugins. See Section 6.5, “Security Plugins”.

  • Network security of MySQL and your system. The security is related to the grants for individual users, but you may also wish to restrict MySQL so that it is available only locally on the MySQL server host, or to a limited set of other hosts.

  • Ensure that you have adequate and appropriate backups of your database files, configuration and log files. Also be sure that you have a recovery solution in place and test that you are able to successfully recover the information from your backups. See Chapter 7, Backup and Recovery.

User Comments
  Posted by on December 9, 2003
It really should be pointed out that running mysqld as nobody is almost
as bad as running it as root. Toss in e.g. apache run as nobody and
anyone who can execute CGI programs can do whatever he wants to
your database. Hooray.
  Posted by Anders Björklund on January 29, 2004
Any service/daemon [such as MySQL] should run under its own separate user. Services that can access the filesystem should not own its own binaries since a change in them can be quite spectacular at reboot/restart :-)

Limit the service-user to read/write only the files neccessary for its proper operation.

[Off topic]
If you are running for example apache and allowing users to run their own cgi's, you should compile it/setup for using suEXEC to run as a particular user/site owner.
Sign Up Login You must be logged in to post a comment.