MySQL Enterprise Firewall is based on a plugin library that includes these elements:
A server-side plugin named
MYSQL_FIREWALLexamines SQL statements before they execute and, based on the registered firewall profiles, renders a decision whether to execute or reject each statement.
MYSQL_FIREWALLplugin, along with server-side plugins named
MYSQL_FIREWALL_WHITELISTimplement Performance Schema and
INFORMATION_SCHEMAtables that provide views into the registered profiles.
Profiles are cached in memory for better performance. Tables in the firewall database provide backing storage of firewall data for persistence of profiles across server restarts. The firewall database can be the
mysqlsystem database or a custom schema (see Installing MySQL Enterprise Firewall).
Stored procedures perform tasks such as registering firewall profiles, establishing their operational mode, and managing transfer of firewall data between the cache and persistent storage.
Administrative functions provide an API for lower-level tasks such as synchronizing the cache with persistent storage.
System variables enable firewall configuration and status variables provide runtime operational information.
FIREWALL_EXEMPTprivilege exempts a user from firewall restrictions. This is useful, for example, for any database administrator who configures the firewall, to avoid the possibility of a misconfiguration causing even the administrator to be locked out and unable to execute statements.